[torquedev] Liblog chk_file_sec() function bugs

James Erickson jms at yahoo-inc.com
Thu Sep 27 18:53:42 MDT 2007


I'm not sure if this is exactly the right place for reporting this bug, so if
not, please point me in the right direction.

file: src/lib/Liblog/chk_file_sec.c
function: chk_file_sec()

It's not that important of a function but it probably needs a rewrite or
removal. It should not fail if a parent directory allows other users write
access. There is also a trivial buffer overflow where sprintf is used
because it's only allocating _POSIX_PATH_MAX size yet it should be
_POSIX_PATH_MAX + length of any strings added to the print statement.

This bug causes me major grief due to the way I have Torque installed in a
world writable directory. 
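
The buffer sizing problem described in the message, as an added example that is not part of the original post and is not TORQUE's code: a bounded formatter that reports truncation instead of writing past a `_POSIX_PATH_MAX` buffer. The function names and the message suffix are hypothetical, since the post does not show the actual source.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef _POSIX_PATH_MAX
#define _POSIX_PATH_MAX 256 /* POSIX minimum, used if <limits.h> hides it */
#endif

/* Constructed message text; the real string in chk_file_sec.c is not shown. */
#define MSG_SUFFIX "is writable by group or other"
/* Room for the longest path, a space, the suffix and the NUL. */
#define MSG_BUF_SIZE (_POSIX_PATH_MAX + sizeof(" " MSG_SUFFIX))

/* Hypothetical helper: write "<path> <suffix>" into buf.
 * Returns 0 on success, -1 if the text does not fit (buf is left empty). */
int format_path_msg(char *buf, size_t buflen, const char *path,
                    const char *suffix)
{
    int n = snprintf(buf, buflen, "%s %s", path, suffix);

    if (n < 0 || (size_t)n >= buflen) {
        if (buflen > 0)
            buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Format a maximum-length path into a buffer of the given size. */
int format_longest_path(size_t buflen)
{
    char path[_POSIX_PATH_MAX];
    char msg[MSG_BUF_SIZE];

    if (buflen > sizeof(msg))
        return -1;
    memset(path, 'a', sizeof(path) - 1);
    path[0] = '/';
    path[sizeof(path) - 1] = '\0';
    return format_path_msg(msg, buflen, path, MSG_SUFFIX);
}

int main(void)
{
    /* A _POSIX_PATH_MAX buffer is too small once text is appended. */
    printf("path-sized buffer: %d\n", format_longest_path(_POSIX_PATH_MAX));
    printf("message-sized buffer: %d\n", format_longest_path(MSG_BUF_SIZE));
    return 0;
}
```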