[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_curb ridiculously unsafe tmp file creation

To: Eriam Schaffter <eriam@xxxxxxxxxxxxxxxxxxx>
Subject: Re: mod_curb ridiculously unsafe tmp file creation
From: Jan Srzednicki <w@xxxxxxxx>
Date: Sun, 29 Jan 2006 12:04:35 +0100
Cc: apache@xxxxxxxxxxx
Delivered-to: freebsd-apache@xxxxxxxxxxx
In-reply-to: <20060129130225.105BB2190FD@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.freebsd.org/pipermail/freebsd-apache>
List-help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-id: Support of apache-related ports <freebsd-apache.freebsd.org>
List-post: <mailto:freebsd-apache@freebsd.org>
List-subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>, <mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
List-unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>, <mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
References: <20060129105418.GL34989@xxxxxxxxxxxxxxxx> <20060129130225.105BB2190FD@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.11

On Sun, Jan 29, 2006 at 11:57:04AM +0100, Eriam Schaffter wrote:
> Hello
> 
> Why is that so unsafe ?

If I (as any unprivileged user) symlink /tmp/modcurb.log to anything
that the Apache user has access to, the module will blindly append it's
log data to that file, which can corrupt binary or structuralized text
files of any kind. No checking if /tmp/modcurb.log exists is done at
all.

Anyway, /tmp is a pretty dumb location for a log file.

-- 
Jan Srzednicki
w@xxxxxxxx

References:
- mod_curb ridiculously unsafe tmp file creation
  - From: Jan Srzednicki
- RE: mod_curb ridiculously unsafe tmp file creation
  - From: Eriam Schaffter

Prev by Date: RE: mod_curb ridiculously unsafe tmp file creation
Next by Date: Current problem reports assigned to you
Previous by thread: RE: mod_curb ridiculously unsafe tmp file creation
Next by thread: Current problem reports assigned to you
Index(es):
- Date
- Thread