Date: Sun, 29 Jan 2006 11:54:18 +0100
From: Jan Srzednicki <w@expro.pl>
To: apache@freebsd.org
Subject: mod_curb ridiculously unsafe tmp file creation
Message-ID: <20060129105418.GL34989@miranda.expro.pl>

Hi,

I've discovered that mod_curb (ports/www/mod_curb) uses a ridiculously
unsafe method to access a file in /tmp:

file mod_curb.c, line 42:
    log = fopen( "/tmp/modcurb.log","a" );

The same issue exists in other software written by this author, but
fortunately there's nothing more of it in ports. :)

-- 
Jan Srzednicki
w@expro.pl
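
The risk behind the report above, as an added example (not part of the original message and not mod_curb's code): a fixed name in world-writable /tmp can be pre-created as a symlink by another local user, and fopen(path, "a") follows it. The names open_log_safely and redirected_by_symlink are hypothetical, and the scenario is constructed inside a private scratch directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* O_NOFOLLOW, fdopen, mkdtemp, symlink */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a log for append, refusing symlinks and anything
 * that is not a plain, singly linked file we own. NULL + errno on refusal. */
FILE *open_log_safely(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    /* Check the object actually opened, not the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return NULL;
    }
    FILE *fp = fdopen(fd, "a");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed scenario in a private scratch directory: "log" is a symlink to
 * "victim". Returns 1 if the write landed in victim, 0 if not, -1 on error. */
int redirected_by_symlink(int use_safe_open)
{
    char dir[] = "/tmp/tmplog-demo.XXXXXX", victim[64], lnk[64];
    struct stat st;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/log", dir);
    FILE *v = fopen(victim, "w");
    if (v == NULL || fclose(v) != 0 || symlink(victim, lnk) != 0)
        return -1;
    FILE *fp = use_safe_open ? open_log_safely(lnk) : fopen(lnk, "a");
    if (fp != NULL) { fputs("log entry\n", fp); fclose(fp); }
    int hit = (stat(victim, &st) == 0 && st.st_size > 0);
    unlink(lnk); unlink(victim); rmdir(dir);
    return hit;
}
```

Keeping the log in a directory that only the server's user can write to avoids the problem at its source; the open-time checks are a second layer on top of that.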