[collectd] insecure tmpfile creation in collection.cgi
Florian Forster
octo at verplant.org
Sun Sep 30 23:26:07 CEST 2007
Hi Mike,
On Sun, Sep 30, 2007 at 10:39:59PM +0300, Michael Shigorin wrote:
> 1788 if (1)
> 1789 {
> 1790 my $fh;
> 1791 open ($fh, ">/tmp/collection.log") or die ("open: $!");
> 1792 flock ($fh, LOCK_EX) or die ("flock: $!");
> 1793
> 1794 print $fh join ("\n\t", @cmd) . "\n";
> 1795
> 1796 close ($fh);
> 1797 }
I've added the code so I could easier debug the RRDTool options that
where automatically created (my usual method of adding comments doesn't
work with PNG images ;). That's the only use there is for that file so
it's perfectly save to change the `if (1)' to a `if (0)' to disable the
block. I'll change the script that's distributed with the tarballs to
disable that block by default..
Thanks for the hint :)
Regards,
-octo
--
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20070930/5ecbb705/attachment.pgp
More information about the collectd
mailing list