Date: Sun, 29 Jan 2006 11:57:04 +0100 From: "Eriam Schaffter" <eriam@eriamschaffter.info> To: "'Jan Srzednicki'" <w@expro.pl> Cc: apache@freebsd.org Subject: RE: mod_curb ridiculously unsafe tmp file creation Message-ID: <20060129130225.105BB2190FD@web.mediavirtuel.com> In-Reply-To: <20060129105418.GL34989@miranda.expro.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Why is that so unsafe ? Thanks > -----Message d'origine----- > De : owner-freebsd-apache@freebsd.org > [mailto:owner-freebsd-apache@freebsd.org] De la part de Jan Srzednicki > Envoyé : dimanche, 29. janvier 2006 11:54 > À : apache@freebsd.org > Objet : mod_curb ridiculously unsafe tmp file creation > > Hi, > > I've discovered that mod_curb (ports/www/mod_curb) uses a > ridiculously unsafe method to access a file in /tmp: > > file mod_curb.c, line 42: > > log = fopen( "/tmp/modcurb.log","a" ); > > The same issue exists in other software written by this > author, but fortunately there's nothing more of it in ports. :) > > -- > Jan Srzednicki > w@expro.pl > > _______________________________________________ > freebsd-apache@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-apache > To unsubscribe, send any mail to > "freebsd-apache-unsubscribe@freebsd.org" > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.375 / Virus Database: 267.14.23/243 - Release > Date: 27.01.2006 > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.14.23/243 - Release Date: 27.01.2006
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060129130225.105BB2190FD>