Closed GoogleCodeExporter closed 8 years ago
[deleted comment]
The function create_checksum_filemon() is in file filemonConfig.c. This
function is called only after opening a specific data file defined by the symbolic
name CONFIGFILE from a specific location. The data file defined by CONFIGFILE
has the owner/group of root/root and has the permission 0644 (only root can
write to this file) after installation in a production environment. There is no
user input or user manipulable part other than the root user. Therefore, the
command injection isn't exploitable. However, for safe coding, there should be
checks built-in to prevent such problems.
Original comment by toddd...@gmail.com
on 27 Nov 2012 at 4:04
This issue was closed by revision r987.
Original comment by heyyoul...@gmail.com
on 28 Nov 2012 at 10:01
Added check for 0-9, please test with build 990+
thanks,
Original comment by heyyoul...@gmail.com
on 29 Nov 2012 at 3:57
Verified with unit testing
Original comment by tbrt....@gmail.com
on 9 Dec 2012 at 9:24
Original issue reported on code.google.com by
sck.no...@gmail.com
on 26 Nov 2012 at 10:17
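The two safeguards this thread touches on, shown as an added example that is not the project's code and not revision r987: a digits-only (0-9) check on a value before it goes into a command, and a check that an opened config file really is root-owned and not writable by group or others. The function names, the length limit and the sample strings are hypothetical, and treating the config value as numeric is an assumption drawn from the "check for 0-9" comment.

```c
#define _XOPEN_SOURCE 700   /* expose fstat() and S_IF* under strict -std= modes */
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 only if s is a non-empty run of ASCII digits 0-9, at most max_len long,
 * so no shell metacharacter can reach a command line built from it. */
int is_digits_only(const char *s, size_t max_len)
{
    size_t n;
    if (s == NULL || *s == '\0')
        return 0;
    for (n = 0; s[n] != '\0'; n++) {
        if (n >= max_len || s[n] < '0' || s[n] > '9')
            return 0;
    }
    return 1;
}

/* 1 if the metadata matches what the thread relies on: a regular file owned
 * by root that neither group nor others can write (0644 passes, 0664 fails). */
int config_stat_trusted(const struct stat *st)
{
    if (st == NULL || !S_ISREG(st->st_mode) || st->st_uid != 0)
        return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check the descriptor that is already open, not the path, so the file
 * cannot be swapped between the check and the read. */
int config_fd_trusted(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && config_stat_trusted(&st);
}

int main(void)
{
    /* Constructed sample values, not taken from the project's config file. */
    const char *samples[] = { "990", "12; echo x", "" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %s\n", samples[i],
               is_digits_only(samples[i], 16) ? "accept" : "reject");
    return 0;
}
```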