Daemon News Ezine BSD News BSD Mall BSD Support Forum BSD Advocacy BSD Updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mod_curb ridiculously unsafe tmp file creation



Hi,

I've discovered that mod_curb (ports/www/mod_curb) uses a ridiculously
unsafe method to access a file in /tmp:

file mod_curb.c, line 42:
  
  log = fopen( "/tmp/modcurb.log","a" );

The same issue exists in other software written by this author, but
fortunately there's nothing more of it in ports. :)

-- 
Jan Srzednicki
w@xxxxxxxx