From: "Eriam Schaffter"
To: "'Jan Srzednicki'"
Cc: apache@freebsd.org
Date: Sun, 29 Jan 2006 11:57:04 +0100
Subject: RE: mod_curb ridiculously unsafe tmp file creation
In-Reply-To: <20060129105418.GL34989@miranda.expro.pl>
Message-Id: <20060129130225.105BB2190FD@web.mediavirtuel.com>

Hello

Why is that so unsafe?
Thanks

> -----Original Message-----
> From: owner-freebsd-apache@freebsd.org
> [mailto:owner-freebsd-apache@freebsd.org] On behalf of Jan Srzednicki
> Sent: Sunday, 29 January 2006 11:54
> To: apache@freebsd.org
> Subject: mod_curb ridiculously unsafe tmp file creation
>
> Hi,
>
> I've discovered that mod_curb (ports/www/mod_curb) uses a
> ridiculously unsafe method to access a file in /tmp:
>
> file mod_curb.c, line 42:
>
> log = fopen( "/tmp/modcurb.log","a" );
>
> The same issue exists in other software written by this
> author, but fortunately there's nothing more of it in ports. :)
>
> --
> Jan Srzednicki
> w@expro.pl
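An added example, not part of the thread and not mod_curb code: /tmp is world-writable, so another local user can create the fixed name /tmp/modcurb.log first, and fopen(..., "a") will follow a symlink or hard link placed there and append to whatever it points at with the server's privileges. The sketch below shows a hardened open for comparison; open_log_safely and run_demo are hypothetical names, and the scratch files are constructed for the self-check.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not mod_curb code): open an append-only log without
 * trusting whatever already exists at `path`. Returns an fd, or -1 if the
 * name is a symlink, not a regular file, not ours, or has extra hard links. */
int open_log_safely(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * 0600: a newly created log is readable and writable by us only. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the object actually opened (fstat on the fd), not the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private scratch directory. Returns a bitmask:
 * 1 = symlinked name refused, 2 = hard-linked name refused, 4 = fresh name opened. */
int run_demo(void)
{
    char dir[] = "/tmp/logdemo.XXXXXX", p[4][64];
    const char *names[4] = { "other-file", "sym.log", "hard.log", "fresh.log" };
    int i, fd, result = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < 4; i++)
        snprintf(p[i], sizeof p[i], "%s/%s", dir, names[i]);
    fd = open(p[0], O_WRONLY | O_CREAT | O_EXCL, 0600);  /* file worth protecting */
    if (fd >= 0) close(fd);
    if (symlink(p[0], p[1]) == 0 && open_log_safely(p[1]) < 0) result |= 1;
    if (link(p[0], p[2]) == 0 && open_log_safely(p[2]) < 0) result |= 2;
    if ((fd = open_log_safely(p[3])) >= 0) { result |= 4; close(fd); }
    for (i = 0; i < 4; i++)
        unlink(p[i]);
    rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", run_demo()); return 0; }
```

Even with these checks, a log kept under /tmp can be blocked by anyone who creates the name first; a directory writable only by the server's user avoids the problem at its source.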