[Systems] mirrorbrain - sugarlabs - sql lookup error

David Farning dfarning at sugarlabs.org
Mon Oct 26 20:46:56 EDT 2009


Thanks Peter,

I have a couple other enhancement requests I am eager to send.  I'll
try to let you get resettled from you holiday first.

david

On Mon, Oct 26, 2009 at 2:58 PM, Peter Pöml <poeml at cmdline.net> wrote:
> Hi David (& the rest of the team),
>
> On 11.10.2009, at 20:00, David Farning wrote:
>
>> Arggg fixed it.
>>
>> Apache2/sites-available/download-testing.sugarlabs.org was pointing to
>> /var/www-sugarlabs/download which was a symlink to /srv/uploads.
>>
>> Once the the apache config was working pointing at a normal directory
>> it worked correctly.
>
> Ah, I see.
>
> Thanks for digging into it!
>
>
> I wonder how we can make this more foolproof. I can think of two ways:
>
> 1) add documentation that explains this -- but how to make sure that it is
> not missed?
>
> 2) add a check to mod_mirrorbrain that is performed at Apache start time,
> which resolves the directory to its canonical path and checks whether they
> match. If the check fails, either prevent starting or log an error message.
>
> The config typically looks like this:
>    <Directory /srv/mirrors/openoffice>
>        MirrorBrainEngine On
> ...
>
> 3) thinking more about 2), I realize that all that's needed is to
> canonicalize the directory name in the beginning, and use the canonicalized
> path instead of the directory where the config has been placed.
>
>
> Looking at the code, I actually see a comment that confirms the above
> assumptions:
>
>    /* XXX we should forbid symlinks in mirror_base */
>    filename = apr_pstrdup(r->pool, ptr + strlen(cfg->mirror_base));
>
>
> I think 3) is the way to go to prevent us from running into this again!
>
> I'm opening an issue in my new toy, the issue tracker... ;)
>
> Peter
>


More information about the Systems mailing list