Mailing List Archive

userdir fixed
When a URL such as http://www.steam.com/~cliffs was requested from the
server an incorrect redirect gets sent back to the client. In fact
the redirect exposes the system's file structure. The
problem was that the userdir alias was not getting unmunged correctly.

The fix was to set alias_used for userdir processed aliases. A small
change to add_alias() and translate_name() did the trick.

I've uploaded my fix as B74 to hyperreal, I suggest a build of 0.6.1
is in order.

Cliff
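
A simplified model of the redirect problem reported above, added here as an illustration; it is not Apache source and not the B57 or B74 patch. The struct, the function bodies and the `record_alias` switch are hypothetical; the host name and home directory are the ones quoted later in this thread.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (not Apache source): one request after name translation. */
struct request {
    const char *uri;     /* path the client sent; assumed to start with "/~" */
    char filename[256];  /* filesystem path after translation */
    int alias_used;      /* set when the translation recorded its prefix rewrite */
    char fake[64];       /* URL-side prefix, e.g. "/~cliffs" */
    char real[128];      /* filesystem-side prefix it was mapped to */
};

/* "/~user[/rest]" -> "<home>/<user>/public_html[/rest]".
 * record_alias = 0 models the reported bug, 1 models the fix. */
static void translate_userdir(struct request *r, const char *home, int record_alias)
{
    const char *user = r->uri + 2;                /* skip "/~" */
    size_t ulen = strcspn(user, "/");
    snprintf(r->real, sizeof r->real, "%s/%.*s/public_html", home, (int)ulen, user);
    snprintf(r->fake, sizeof r->fake, "/~%.*s", (int)ulen, user);
    snprintf(r->filename, sizeof r->filename, "%s%s", r->real, user + ulen);
    r->alias_used = record_alias;
}

/* Map the filesystem path back into URL space. This only works when the
 * translation step recorded which prefix it rewrote. */
static void unmunge(const struct request *r, char *out, size_t n)
{
    size_t rl = strlen(r->real);
    if (r->alias_used && strncmp(r->filename, r->real, rl) == 0)
        snprintf(out, n, "%s%s", r->fake, r->filename + rl);
    else
        snprintf(out, n, "%s", r->filename);      /* real path ends up in the URL */
}

/* Build the trailing-slash redirect sent for a directory request. */
static const char *dir_redirect(const char *host, const char *uri, int record_alias)
{
    static char loc[512];
    char path[256];
    struct request r = { .uri = uri };
    translate_userdir(&r, "/export/home", record_alias);
    unmunge(&r, path, sizeof path);
    snprintf(loc, sizeof loc, "http://%s%s/", host, path);
    return loc;
}

int main(void)
{
    printf("alias not recorded: %s\n", dir_redirect("www.steam.com", "/~cliffs", 0));
    printf("alias recorded:     %s\n", dir_redirect("www.steam.com", "/~cliffs", 1));
    return 0;
}
```
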
Re: userdir fixed
Date: Sun, 16 Apr 95 12:33 BST
From: drtr@ast.cam.ac.uk (David Robinson)

Oh fsck. So I should have trusted my intuition, and stayed with original
decision. Yes, there should be a build of 0.6.1. But this must be 0.6
without the change to unmunge_name, i.e. without B57. So -1 on B74, and
a veto on any other change to unmunge_name without very good reason.

David.

Seconded. I'm still not entirely sure what problem B57 is supposed to
address, but it's caused serious problems two weeks in a row. I've
backed out of it for my own builds, and I really think we should table
the thing until at *least* after beta 1.

rst
Re: userdir fixed
> Seconded. I'm still not entirely sure what problem B57 is supposed to
> address,

It screws up all kinds of unaliased->aliased translations. David
has seen it logging the wrong filenames, and I've seen it incorrectly
set cgi variables.

> but it's caused serious problems two weeks in a row. I've
> backed out of it for my own builds, and I really think we should table
> the thing until at *least* after beta 1.

How about holding off on any *new* patches for the next few days, and
build a 0.7b out of 0.6. Aim for a Wednesday rebuild maybe ?

I think it'll help to have a specific date in mind for the first beta.

However, I'll build a 0.6.1 if that's what's wanted.


robh
Re: userdir fixed
Cliff wrote:
>1) If I access a URL like "http://www.steam.com/~cliffs/" all is well,
>but with http://www.steam.com/~cliffs, I get a redirect to
>"http://www.steam.com/export/home/cliffs/public_html" which is bad :(

and
>When a URL such as http://www.steam.com/~cliffs was requested from the
>server an incorrect redirect gets sent back to the client. In fact
>the redirect exposes the system's file structure. The
>problem was that the userdir alias was not getting unmunged correctly.
>
>The fix was to set alias_used for userdir processed aliases. A small
>change to add_alias() and translate_name() did the trick.
>
>I've uploaded my fix as B74 to hyperreal, I suggest a build of 0.6.1
>is in order.

Oh fsck. So I should have trusted my intuition, and stayed with original
decision. Yes, there should be a build of 0.6.1. But this must be 0.6
without the change to unmunge_name, i.e. without B57. So -1 on B74, and
a veto on any other change to unmunge_name without very good reason.

David.
Re: userdir fixed
On Apr 16, 11:55am, Rob Hartill wrote:
} Subject: Re: userdir fixed
}
} > Seconded. I'm still not entirely sure what problem B57 is supposed to
} > address,
}
} It screws up all kinds of unaliased->aliased translations. David
} has seen it logging the wrong filenames, and I've seen it incorrectly
} set cgi variables.
}
} > but it's caused serious problems two weeks in a row. I've
} > backed out of it for my own builds, and I really think we should table
} > the thing until at *least* after beta 1.
}
} How about holding off on any *new* patches for the next few days, and
} build a 0.7b out of 0.6. Aim for a Wednesday rebuild maybe ?
}
} I think it'll help to have a specific date in mind for the first beta.
}
} However, I'll build a 0.6.1 if that's what's wanted.

If it is a real problem, then leave it in...but B57 is quite
ugly to be honest. If we keep it (vote again?) we need to
have B74 with it. We need to pull B57 out or put
B74 in for a 0.6.1 in any case. 0.6 is plain broken IMHO.

Cliff
Re: userdir fixed
> If it is a real problem, then leave it in...but B57 is quite
> ugly to be honest. If we keep it (vote again?) we need to
> have B74 with it. We need to pull B57 out or put
> B74 in for a 0.6.1 in any case. 0.6 is plain broken IMHO.

0.6 has been replaced with 0.6.1 no B57 or B74
Re: userdir fixed
From: Rob Hartill <hartill@ooo.lanl.gov>
Date: Sun, 16 Apr 95 11:55:45 MDT

How about holding off on any *new* patches for the next few days, and
build a 0.7b out of 0.6. Aim for a Wednesday rebuild maybe ?

Hmmm... as long as we're not going to beat NCSA out of the door
anyway, it might make sense to hold off long enough to get the
non-forking code (and perhaps AddHandler, if it's non-problematic)
into the Apache mainline.

(The only reason I mention AddHandler is that the implementation
shouldn't have any side effects whatever in cases which don't cause
handlers to be invoked; if it was as invasive as, say, my B23, I
wouldn't even be putting it forward at this time).

I think it'll help to have a specific date in mind for the first beta.

However, I'll build a 0.6.1 if that's what's wanted.

Thanks for doing so.

rst