From owner-freebsd-apache@FreeBSD.ORG  Sun Jan 29 11:04:37 2006
Return-Path: <owner-freebsd-apache@FreeBSD.ORG>
X-Original-To: apache@freebsd.org
Delivered-To: freebsd-apache@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D805716A420
	for <apache@freebsd.org>; Sun, 29 Jan 2006 11:04:37 +0000 (GMT)
	(envelope-from w@expro.pl)
Received: from mailin1.expro.pl (mailin1.expro.pl [193.25.166.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 702F543D45
	for <apache@freebsd.org>; Sun, 29 Jan 2006 11:04:37 +0000 (GMT)
	(envelope-from w@expro.pl)
Received: from miranda-1.dmz.exprozone ([10.0.16.20] helo=miranda.expro.pl)
	(envelope-sender <w@expro.pl>)
	by mailin1.expro.pl with esmtp (Exim 4.50)
	id 1F3AMF-0003OF-Jy; Sun, 29 Jan 2006 12:04:36 +0100
Received: by miranda.expro.pl (Postfix, from userid 1001)
	id A462A54817; Sun, 29 Jan 2006 12:04:35 +0100 (CET)
Date: Sun, 29 Jan 2006 12:04:35 +0100
From: Jan Srzednicki <w@expro.pl>
To: Eriam Schaffter <eriam@eriamschaffter.info>
Message-ID: <20060129110435.GM34989@miranda.expro.pl>
References: <20060129105418.GL34989@miranda.expro.pl>
	<20060129130225.105BB2190FD@web.mediavirtuel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060129130225.105BB2190FD@web.mediavirtuel.com>
User-Agent: Mutt/1.5.11
Cc: apache@freebsd.org
Subject: Re: mod_curb ridiculously unsafe tmp file creation
X-BeenThere: freebsd-apache@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Support of apache-related ports  <freebsd-apache.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>, 
	<mailto:freebsd-apache-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-apache>
List-Post: <mailto:freebsd-apache@freebsd.org>
List-Help: <mailto:freebsd-apache-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-apache>,
	<mailto:freebsd-apache-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Jan 2006 11:04:38 -0000

On Sun, Jan 29, 2006 at 11:57:04AM +0100, Eriam Schaffter wrote:
> Hello
> 
> Why is that so unsafe ?

If I (as any unprivileged user) symlink /tmp/modcurb.log to anything
that the Apache user has access to, the module will blindly append it's
log data to that file, which can corrupt binary or structuralized text
files of any kind. No checking if /tmp/modcurb.log exists is done at
all.

Anyway, /tmp is a pretty dumb location for a log file.

-- 
Jan Srzednicki
w@expro.pl