Hello Sven
The errors I put in the bug are from the Diffs page, not the error
log. Instead of displaying the differences, the system shows that
error for each section. When things are working the page looks like:
------------------------------------------------------------------------
<<O>> Difference Topic WebHome (r1.70 - 05 May 2005 - TristanLawrence)
Line: 84 to 84
blah
Changed:
< blah1
> blah2
Helpful tools for administration
<<O>> Difference Topic WebHome (r1.69 - 05 May 2005 - TristanLawrence)
Line: 84 to 84
blah3
Changed:
etc etc
------------------------------------------------------------------------
But with the original RDiff.pm it looks like:
------------------------------------------------------------------------
<<O>> Difference Topic WebHome (r1.70 - 05 May 2005 - TWikiGuest)
Deleted:
<
<
Software error:
Insecure dependency in exec while running with -T switch at
/usr/share/perl5/TWiki.pm line 3455.
<<O>> Difference Topic WebHome (r1.69 - 05 May 2005 - TWikiGuest)
Deleted:
<
<
Software error:
Insecure dependency in exec while running with -T switch at
/usr/share/perl5/TWiki.pm line 3455.
etc etc
------------------------------------------------------------------------
This error happens with every single Topic on the entire system,
from "Main.WebHome" to stuff we have created. The only time where
it did not happen was when I created a brand new topic. In this
circumstance the URL looks like:
https://twiki/cgi-bin/twiki/rdiff/Main/TestTopic?rev1=1.1&rev2=1.0
And the Diffs page looks fine even with the original code. As soon
as I edited and saved the existing "TestTopic" I started getting the
error there as well. As I read the code, this is because when it is
the original diff, rev2 gets set to "1" at line 414 of RDiff.pm
and then inside /usr/share/perl5/TWiki/Store/RcsWrap.pm there is
a special case for ( $rev1 eq "1" && $rev2 eq "1" ) which does
not call TWiki::readFromProcess.
But the error does not appear to be data-dependant, and the code
does not suggest that it would be.
---
I actually did think that we were running mod_perl, but I do not
see it in either the output of /usr/sbin/apache2 -l:
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_log_config.c
mod_logio.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_negotiation.c
mod_dir.c
mod_alias.c
mod_so.c
or ls /etc/apache2/mods-enabled:
auth_pam.load rewrite.load ssl.load userdir.load
cgi.load ssl.conf userdir.conf
or in the Apache invocation log line:
[Sun May 08 06:25:08 2005] [notice] Apache/2.0.54 (Debian GNU/Linux)
mod_ssl/2.0.54 OpenSSL/0.9.7e configured -- resuming normal operations
So I guess we are not.
---
My /usr/lib/cgi-bin/twiki/rdiff file, which I have not modified, starts
with "#!/usr/bin/perl -wT", which is presumably where Perl gets put into
taint mode. If I drop the "T" from that line things start working again
even with the original RDiff.pm
To test if you are running with taint mode, just throw this into your
RDiff.pm file at line 380:
use Scalar::Util;
if ( Scalar::Util::tainted($rev1) ) { warn "rev1 is tainted!" }
else { warn "rev1 is NOT tainted!" }
Our /etc/apache2/apache2.conf does contain "User www-data", and the
/usr/lib/cgi-bin/twiki/rdiff file is owned by root.
Hope this helps!
Tristan
On Tue, May 10, 2005 at 08:54:14PM +1000, Sven Dowideit wrote:
> Hello Tristan,
>
> as far as i understand it, taint checking is always on, and I'm not
> using mod_perl.
>
> when I do a
> http://sven/cgi-bin/twiki/rdiff/Main/WebHome?rev1=1.20&rev2=1.19 I get
> no entries in /var/log/apache2/error.log file
>
> can you see if you get the problem using the distributed topics? Is
> there anything else you cna think of ? (I'm loath to make changes until
> I know what's causing it, and why its different from my system)
>
> mind you, I don't know what the errors that I had were, i'm not getting
> them this time, so it may well be topic data related :(
>
> Cheers
>
> Sven
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
