[torquedev] Liblog chk_file_sec() function bugs
jms at yahoo-inc.com
Thu Sep 27 18:53:42 MDT 2007
I'm not sure if this is exactly the right place for reporting this bug so if
not please point me in the right direction.
It's not that important of a function but it probably needs a rewrite or
removal. It should not fail if a parent directory allows other users write
access. There is also a trivial buffer overflow where sprintf is used
because it's only allocating _POSIX_PATH_MAX size yet it should be
_POSIX_PATH_MAX + length of any strings added to the print statement.
This bug causes me major grief due to the way I have Torque installed in a
world writable directory.
More information about the torquedev