Closed GoogleCodeExporter closed 8 years ago
[deleted comment]
The function calChecksumFilemon() is in file filemon.c. This function is called
only after opening a specific data file defined by symbolic name
CONFIGFILECHKSUM. The data file defined by CONFIGFILECHKSUM has the owner/group
of root/root and has the permission 0644 (only root can write to this file)
after installation in production environment. There is no user input or user
manipulable part other than the root user. Therefor, the command injection
isn't exploitable. However, for safe coding, there should be checks built-in to
prevent such problems.
Original comment by toddd...@gmail.com
on 27 Nov 2012 at 4:02
The fix to this issue could be pulled from the changes for fix to issue #120.
Original comment by heyyoul...@gmail.com
on 29 Nov 2012 at 11:22
Fixed,
ravi.
r992
Original comment by ravt...@gmail.com
on 30 Nov 2012 at 12:23
Verified with unit testing
Original comment by tbrt....@gmail.com
on 9 Dec 2012 at 9:24
Original issue reported on code.google.com by
sck.no...@gmail.com
on 26 Nov 2012 at 10:16