You are here: Foswiki>Tasks Web>Item10896 (17 Dec 2011, GeorgeClark)Edit Attach

Item10896: Insecure dependency in configure creating working directory under some environments

Priority: Urgent
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Component: Configure
Reported By: PaulHarvey
Waiting For: PaulHarvey
Last Change By: GeorgeClark
From Item10873:

Initial run of configure, setup all the paths, and hit save. Insecure dependency in mkdir while running with -T switch at /home/litt/wikisvn/foswiki/trunk/core/lib/Foswiki/Configure/Checkers/ line 30. on save. Sigh. You'll want to do something like the patch below.

We were not able to reproduce, but the reporter's environment nonetheless produces the error. Timothe's VM produces:
Fresh install of fedora 15 under VirtualBox.  Started with unformatted disk  & fedora .iso, so it's a *really* fresh install :-)

Linux #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

perl 5, version 12, subversion 3 (v5.12.3) built for x86_64-linux-thread-multi

-- PaulHarvey - 18 Jun 2011

One clue - Checking logs it looks like selinux blocked access to LocalLib.cfg. I haven't had time to track back further, but I think that causes configure to take some different paths - something about reading only some of the spec files and/or treating them as data rather do/require? Memory's failing, but suspect this may have caused the WorkingDir value to come from the spec file rather than LocalSite.cfg. Which may be how it was tainted...

Hope this helps.

-- TimotheLitt - 28 Jun 2011

Support.Question891 has a different insecure dependency problem on Solaris

-- PaulHarvey - 07 Jul 2011

ItemTemplate edit

Summary Insecure dependency in configure creating working directory under some environments
ReportedBy PaulHarvey
Codebase 1.1.3, trunk
SVN Range
AppliesTo Engine
Component Configure
Priority Urgent
CurrentState Closed
WaitingFor PaulHarvey
Checkins distro:8f05b85826e7 distro:84bf01df0e03 distro:7d35999d315c distro:9ecd7e867a18
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r8 - 17 Dec 2011, GeorgeClark - This page was cached on 24 May 2019 - 01:49.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy