mod_curb ridiculously unsafe tmp file creation

Jan Srzednicki w at expro.pl
Sun Jan 29 03:04:38 PST 2006


On Sun, Jan 29, 2006 at 11:57:04AM +0100, Eriam Schaffter wrote:
> Hello
> 
> Why is that so unsafe ?

If I (as any unprivileged user) symlink /tmp/modcurb.log to anything
that the Apache user has access to, the module will blindly append its
log data to that file, which can corrupt binary or structuralized text
files of any kind. No checking if /tmp/modcurb.log exists is done at
all.

Anyway, /tmp is a pretty dumb location for a log file.

-- 
Jan Srzednicki
w at expro.pl
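
The problem described in the message above, as an added C example that is not part of the original post and not mod_curb's code: an opener that follows a symlink planted at the log path, next to one that refuses it and checks the opened descriptor. The function names and the temporary paths are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Behaviour the post describes: append to a fixed path, following symlinks. */
int open_log_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0644);
}

/* Hardened opener (hypothetical name). O_NOFOLLOW refuses a symlink as the
 * final path component; fstat() inspects the descriptor actually opened. */
int open_log_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||   /* pre-created by another user */
        st.st_nlink != 1) {         /* hard link to some other file */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: symlink "log" -> "victim" in a fresh directory, log one
 * line through the given opener, return the victim's size afterwards. */
long victim_size_after_logging(int (*opener)(const char *))
{
    char dir[] = "/tmp/curbdemoXXXXXX", victim[64], logp[64];
    struct stat st;
    int fd; ssize_t n = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(logp, sizeof logp, "%s/log", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "DATA", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, logp) != 0) return -1;
    fd = opener(logp);
    if (fd >= 0) { n = write(fd, "log line\n", 9); close(fd); }
    if (n < 0 || stat(victim, &st) != 0) return -1;
    unlink(logp); unlink(victim); rmdir(dir);
    return (long)st.st_size;
}
```

With the unsafe opener the 4-byte victim file grows by the log line; with the hardened one it is left untouched. Keeping the log in a directory that only the server account can write to avoids the planted-symlink problem in the first place.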


