tags 496398 confirmed patch thanks Hi,
There's indeed this code in alert.d/test.alert: echo "`date` $*" >> /tmp/test.alert.log If I understand the code it is run as root so that is a significant risk. I'm not sure how and when that script is ran though. Still, fixing it is easy, I've attached a patch that moves the log to /var/log. cheers, Thijs
diff -Nur mon-0.99.2.orig/alert.d/test.alert mon-0.99.2/alert.d/test.alert --- mon-0.99.2.orig/alert.d/test.alert 2000-08-26 21:22:34.000000000 +0200 +++ mon-0.99.2/alert.d/test.alert 2008-08-27 21:39:43.000000000 +0200 @@ -1,4 +1,4 @@ #!/bin/sh # # $Id: test.alert 1.1 Sat, 26 Aug 2000 15:22:34 -0400 trockij $ -echo "`date` $*" >> /tmp/test.alert.log +echo "`date` $*" >> /var/log/mon_test.alert.log
pgpJwg4ezC97B.pgp
Description: PGP signature
