https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158174
--- webalizer-2.01-10/webalizer.c.confuser 2005-09-21 13:32:40.000000000 +0100
+++ webalizer-2.01-10/webalizer.c 2005-09-21 13:33:43.000000000 +0100
@@ -252,6 +254,8 @@
int max_ctry; /* max countries defined */
+ struct stat st;
+
/* month names used for parsing logfile (shouldn't be lang specific) */
char *log_month[12]={ "jan", "feb", "mar",
"apr", "may", "jun",
@@ -266,8 +270,8 @@
sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR);
/* check for default config file */
- if (!access("webalizer.conf",F_OK))
- get_config("webalizer.conf");
+ if (stat("webalizer.conf", &st) == 0 && st.st_uid == getuid())
+ get_config("webalizer.conf");
else if (!access(tmp_buf,F_OK))
get_config(tmp_buf);
--- webalizer-2.01-10/webalizer.1.confuser 2001-10-23 07:05:50.000000000 +0100
+++ webalizer-2.01-10/webalizer.1 2005-09-21 13:32:40.000000000 +0100
@@ -44,7 +44,8 @@
.B o
A default configuration file is scanned for. A file named
\fIwebalizer.conf\fP is searched for in the current directory, and if
-found, it's configuration data is parsed. If the file is not
+found, and is owned by the invoking user, then its configuration data is parsed.
+If the file is not
present in the current directory, the file \fI/etc/webalizer.conf\fP
is searched for and, if found, is used instead.
.TP 8