samizdat-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

textdomain.rb Security Error - Insecure operation - exist?

From: boud
Subject: textdomain.rb Security Error - Insecure operation - exist?
Date: Sat, 3 Feb 2007 00:02:43 +0100 (CET) 
hi samizdat-devel,


This is a bug which is difficult to reproduce because it requires a timeout
of some sort, but it does seem to be systematic.

GETTEXT VERSION:
0.8.0-1  (debian sarge)

SYSTEM:
debian sarge or fedore core 2


WHAT THE USER SEES AND WHEN:

Generally when returning to the main page after e.g. 55 minutes of
inactivity and having previously logged in to samizdat and become automatically logged out, the user sees an error message about an internal 
server error and is requested to contact the adminstrators.


SHORT TERM SOLUTION:
In every case that this has happened (on different computers), it has
been sufficient to reload the page in order to solve the "internal server
error".


AN OLD ERROR LOG:

[Tue Dec 19 02:06:46 2006] [error] mod_ruby: 
/usr/lib/ruby/1.8/gettext/textdomain.rb:139:in `exist?': Insecure operation - 
exist? (SecurityError)
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:139:in `load_mo'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:136:in `each'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:136:in `load_mo'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:135:in `each'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:135:in `load_mo'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext/textdomain.rb:39:in `initialize'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext.rb:39:in `new'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/gettext.rb:39:in `bindtextdomain'
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:    ... 10 levels...
[Tue Dec 19 02:06:46 2006] [error] mod_ruby:   from 
/usr/lib/ruby/1.8/samizdat/engine/session.rb:28:in `request'



A MORE RECENT ERROR LOG:

ERROR LOG:

Samizdat: Insecure operation - exist?
Exception: SecurityError
Error ID: 46385326a0126130fb7a706afd382ec1
CGI parameters: {}
Backtrace:
/usr/lib/ruby/1.8/gettext/textdomain.rb:139:in `exist?'
/usr/lib/ruby/1.8/gettext/textdomain.rb:139:in `load_mo'
/usr/lib/ruby/1.8/gettext/textdomain.rb:136:in `each'
/usr/lib/ruby/1.8/gettext/textdomain.rb:136:in `load_mo'
/usr/lib/ruby/1.8/gettext/textdomain.rb:135:in `each'
/usr/lib/ruby/1.8/gettext/textdomain.rb:135:in `load_mo'
/usr/lib/ruby/1.8/gettext/textdomain.rb:39:in `initialize'
/usr/lib/ruby/1.8/gettext.rb:39:in `new'
/usr/lib/ruby/1.8/gettext.rb:39:in `bindtextdomain'
/usr/lib/ruby/1.8/samizdat/engine.rb:72:in `samizdat_bindtextdomain'
/usr/lib/ruby/1.8/samizdat/engine/session.rb:75:in `language='
/usr/lib/ruby/1.8/samizdat/engine/template.rb:523:in `language_list'
/usr/lib/ruby/1.8/samizdat/engine/template.rb:521:in `each'
/usr/lib/ruby/1.8/samizdat/engine/template.rb:521:in `language_list'
/usr/lib/ruby/1.8/samizdat/engine/template.rb:637:in `page'
/opt/ruby/share/samizdat/cgi-bin/index.rb:122:in `front_page'
/opt/ruby/share/samizdat/cgi-bin/index.rb:230
/usr/lib/ruby/1.8/samizdat/engine/session.rb:28:in `request'
/usr/lib/ruby/1.8/samizdat/engine/session.rb:303:in `response'
/usr/lib/ruby/1.8/samizdat/engine/session.rb:28:in `request'
/usr/share/samizdat/cgi-bin/index.rb:125
/usr/lib/ruby/1.8/apache/ruby-run.rb:53:in `load'
/usr/lib/ruby/1.8/apache/ruby-run.rb:53:in `handler'



HYPOTHESIS:

My guess is that this is something to do with caching and/or the user
being logged in/out and that there are some situations in which
 .mo files are considered untainted (or no check for taintedness is made)
and other situations, e.g. after the cache needs to be updated, when
the .mo file(s) are considered tainted and hence a security alert as
found occurs.

However, i've tried

cache.rb:
( def initialize(timeout=20, max_size=5000)  # test only !!!!!!!!! #
OR
 def initialize(timeout=20, max_size=5)  # test only !!!!!!!!! #
)

AND/OR

defaults.yaml:
  login: 20
  last: 20

and have not been able to reproduce the error under controlled conditions.



SUGGESTED PATCH (EXTERNAL TO SAMIZDAT)

This patch (external to samizdat) is motivated by the error trace in the
error log. i tried it some time ago and it seemed to me that the error
stopped until i did a samizdat update with aptitude update/upgrade.

Since then, i have left textdomain.rb in its unpatched state in order
to try to catch the bug.   The problem is that since the bug happens
after some time of inactivity (e.g. an hour), i no longer remember the
exact sequence of things i did when i last accessed the site as a user...



diff -u /usr/lib/ruby/1.8/gettext/textdomain.rb 
/usr/lib/ruby/1.8/gettext/textdomain.rb~
--- /usr/lib/ruby/1.8/gettext/textdomain.rb     2006-12-19 02:37:31.005931408 
+0100
+++ /usr/lib/ruby/1.8/gettext/textdomain.rb~    2004-11-11 12:45:35.000000000 
+0100
@@ -136,8 +136,7 @@
       @locales.each{|locale|
         fname = File.join(dir, locale, "LC_MESSAGES", @name + ".mo")
         @search_files << fname
-#        if File.exist?(fname)
-        if File.exist?(fname.untaint)  # hack for samizdat-0.6.0
+        if File.exist?(fname)
           @mo = MOFile.open(fname, @charset)
           @mofiles[locale] = @mo
          break



Any ideas?

cheers
boud
reply via email to
[Prev in Thread] Current Thread [Next in Thread]