Eggdev: [Bug 432] Logfile Tcl Command Lacks Validation

bugzilla-daemon at tsss.org bugzilla-daemon at tsss.org
Sun Jun 4 16:49:52 CST 2006


http://www.eggheads.org/bugzilla/show_bug.cgi?id=432

barkerjr at clancdg.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barkerjr at barkerjr.net
           Severity|normal                      |minor
            Summary|logfile command lacks       |Logfile Tcl Command Lacks
                   |argument checking           |Validation
            Version|other                       |1.6.18 CVS



------- Additional Comments From barkerjr at clancdg.com  2006-06-04 17:49 -------
It should be noted that the <flags> argument is checked for validity, and
invalid flags are dropped.

For the channel parameter, I'm not sure how that could be validated other than
making sure that the first character is #, +, &, or ! and that there are no
spaces in it.  I don't think we can check against the valid channels list,
because the channel to be logged may not have been added yet via 'channel add.'

And for the filename argument, I'm not sure what can be considered invalid.  I
mean every character except '/' is valid in a filename in *nix, right?  And we
have to assume that '/' is valid, as a directory seperator.

Now, 'putlog' silently skips over any logfile where fopen() fails, so that's
safe.  The logfile switch 1) closes the log, 2) deletes the .yesterday file, and
3) renames the current file to .yesterday.  This doesn't seem to cause any
issues, unless it corrupts memory.

I suppose that we could add code to test writability of the file when 'logfile'
is called, but I'm not entirely sure we need to, if it's not causing problems.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the Eggdev mailing list