mod_curb ridiculously unsafe tmp file creation


I've discovered that mod_curb (ports/www/mod_curb) uses a ridiculously
unsafe method to access a file in /tmp:

file mod_curb.c, line 42:
  log = fopen( "/tmp/modcurb.log","a" );

The same issue exists in other software written by this author, but
fortunately there's nothing more of it in ports. :)

Jan Srzednicki
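
Added example, not part of the original post and not mod_curb's code: fopen() on a fixed name in /tmp follows a symlink or reuses a file that another local user created there first. The block below shows the quoted call beside one hardened way to open an append-only log; open_log_safely and the demo path are hypothetical names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fdopen */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* As quoted in the post (unsafe):
 *     log = fopen("/tmp/modcurb.log", "a");
 *
 * Hypothetical hardened helper (an assumption, not from mod_curb):
 * returns NULL instead of writing through something another user planted. */
FILE *open_log_safely(const char *path)
{
    struct stat st;
    FILE *fp;
    /* O_NOFOLLOW: fail if the last path component is a symlink.
     * O_NONBLOCK: do not hang if it is a FIFO.
     * 0600: a newly created log is readable by the owner only. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0)
        return NULL;
    /* Inspect the object actually opened (fstat on the fd, not stat on
     * the path, so the check cannot be raced). */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||      /* FIFO, device, directory */
        st.st_uid != geteuid() ||    /* pre-created by someone else */
        st.st_nlink != 1) {          /* hard link to another file */
        close(fd);
        return NULL;
    }
    fp = fdopen(fd, "a");
    if (fp == NULL)
        close(fd);
    return fp;
}

int main(void)
{
    /* Constructed demo path, not the module's real log file. */
    FILE *log = open_log_safely("/tmp/modcurb-example.log");
    if (log == NULL) {
        fprintf(stderr, "refusing to open log\n");
        return 1;
    }
    fputs("example entry\n", log);
    fclose(log);
    return 0;
}
```

Keeping the log in a directory that only the server's user can write to removes the problem at its source; the checks above are for cases where the path has to stay in a shared directory.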