Item10896: Insecure dependency in configure creating working directory under some environments
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Initial run of
configure, setup all the paths, and hit save.
Insecure dependency in mkdir while running with -T switch at /home/litt/wikisvn/foswiki/trunk/core/lib/Foswiki/Configure/Checkers/WorkingDir.pm line 30. on save. Sigh. You'll want to do something like the patch below.
We were not able to reproduce, but the reporter's environment nonetheless produces the error. Timothe's VM produces:
Fresh install of fedora 15 under VirtualBox. Started with unformatted disk & fedora .iso, so it's a *really* fresh install :-)
Linux host.example.net 188.8.131.52-30.fc15.x86_64 #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
perl 5, version 12, subversion 3 (v5.12.3) built for x86_64-linux-thread-multi
- 18 Jun 2011
One clue - Checking logs it looks like selinux blocked access to LocalLib
.cfg. I haven't had time to track back further, but I think that causes configure to take some different paths - something about reading only some of the spec files and/or treating them as data rather do/require? Memory's failing, but suspect this may have caused the WorkingDir
value to come from the spec file rather than LocalSite
.cfg. Which may be how it was tainted...
Hope this helps.
- 28 Jun 2011
has a different insecure dependency problem on Solaris
- 07 Jul 2011