[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: mod_curb ridiculously unsafe tmp file creation



Hello

Why is that so unsafe ?

Thanks

> -----Message d'origine-----
> De : owner-freebsd-apache@xxxxxxxxxxx
> [mailto:owner-freebsd-apache@xxxxxxxxxxx] De la part de Jan Srzednicki
> Envoyé : dimanche, 29. janvier 2006 11:54
> À : apache@xxxxxxxxxxx
> Objet : mod_curb ridiculously unsafe tmp file creation
>
> Hi,
>
> I've discovered that mod_curb (ports/www/mod_curb) uses a
> ridiculously unsafe method to access a file in /tmp:
>
> file mod_curb.c, line 42:
>
>   log = fopen( "/tmp/modcurb.log","a" );
>
> The same issue exists in other software written by this
> author, but fortunately there's nothing more of it in ports. :)
>
> --
> Jan Srzednicki
> w@xxxxxxxx
>
> _______________________________________________
> freebsd-apache@xxxxxxxxxxx mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-apache
> To unsubscribe, send any mail to
> "freebsd-apache-unsubscribe@xxxxxxxxxxx"
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.14.23/243 - Release
> Date: 27.01.2006
>
>

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.23/243 - Release Date: 27.01.2006