X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/be85c0ca6d22ad4e566decab30edf494e07f51bf..a4ce0468f6f562ad4ec749f156528aa5b3f2fe39:/doc/bugs/Insecure_dependency_in_mkdir.mdwn diff --git a/doc/bugs/Insecure_dependency_in_mkdir.mdwn b/doc/bugs/Insecure_dependency_in_mkdir.mdwn index 4c7d8ebbe..72e503019 100644 --- a/doc/bugs/Insecure_dependency_in_mkdir.mdwn +++ b/doc/bugs/Insecure_dependency_in_mkdir.mdwn @@ -58,6 +58,37 @@ I can't see any related entries. Any ideas? >> I need a set of files that you know I can use to reproduce the bug. >> --[[Joey]] +>>> OK, I've just sent you the URL where you can find all files you need :) +>>> +>>> Probably I know how to reproduce the bug. You have to erase all files from +>>> `/var/www/blog` before mass rebuilding. This is my `mass-rebuild.sh` script: +>>> +>>> #!/bin/bash +>>> +>>> rm -rf /var/www/blog/* +>>> ikiwiki --setup ikiwiki.setup --getctime --verbose +>>> +>>> I noticed that the bug was "resolved" when I added to my blog new entry +>>> and commited the changes. Before I created all directories and touched +>>> empty `*.html` files in `/var/www/blog` directory. Probably it's not +>>> necessary, because without a new blog revision the bug still existed +>>> and `ikiwiki` still failed. +>>> +>>> --[[Paweł|ptecza]] + >> I'd forgotten about [this perl bug](http://bugs.debian.org/411786). ->> If your problem is that bug, I can't help, it's a real bug in perl. ->> --[[Joey]] +>> All I can do is work around it by disabling the taint checking. :-( +>> (Which I've [[done]].) --[[Joey]] + +>>> Ubuntu Gutsy also has Perl 5.8.8-7, so probably it has the bug too. +>>> --[[Paweł|ptecza]] + +>>>> I just got it while building my latest version of git.ikiwiki.info + my stuff. +>>>> Only thing different in my version in IkiWiki.pm is that I moved a </a> over +>>>> a word (for createlink), and disabled the lowercasing of created pages. Running +>>>> Lenny's Perl. --[[simonraven]] + +>>>> Simon, I'm not clear what version of ikiwiki you're using. +>>>> Since version 2.40, taint checking has been disabled by +>>>> default due to the underlying perl bug. Unless you +>>>> build ikiwiki with NOTAINT=0. --[[Joey]]