Question

Moved here from Bugs:Item3987 by CrawfordCurrie

I have found on my hosted (DreamHost) installation of TWIKI that if I edit a topic under the following scenario, the /usr/bin/perl -wT view script hangs forever.

1. Start with a long topic (it doesn't happen if I make the topic short enough)
2. Fully close my browser so I'm not logged in
3. Open the browser and navigate to my TWIKI topic
4. Edit the topic
5. This causes the login dialog to come up
6. I log in. It seems I need to log in on two separate dialogs. The first one is a grey box, the second looks more like a TWIKI page. Both accept my login username and password
7. Try to save my edits. This is where the trouble begins

I played with this quite a bit and it is VERY repeatable. If I shorten the topic, it does not occur. I have to manually kill the perl process, at which time, the save of the edited page completes. I have obtained the following log of events from my shell account for a typical run where I get this to occur.

[data]$ tail log200704.txt
| 27 Apr 2007 - 19:05 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
[data]$ ps auxwww
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
jheck    29802  0.0  0.0  7652 2064 ?        S    17:19   0:00 sshd: jheck@pts/0
jheck    20022  0.0  0.0  4608 1640 pts/0    Ss   17:19   0:00 -bash
jheck     3010  0.8  0.3 15764 14148 ?       S    19:10   0:00 /usr/bin/perl -wT view
jheck     4235  0.0  0.0  2296  732 pts/0    R+   19:11   0:00 ps auxwww
[data]$ ps auxwww
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
jheck    29802  0.0  0.0  7652 2064 ?        S    17:19   0:00 sshd: jheck@pts/0
jheck    20022  0.0  0.0  4608 1640 pts/0    Ss   17:19   0:00 -bash
jheck     3010  0.2  0.3 15764 14148 ?       S    19:10   0:00 /usr/bin/perl -wT view
jheck    13772  0.0  0.0  2296  732 pts/0    R+   19:13   0:00 ps auxwww
[data]$ tail log200704.txt
| 27 Apr 2007 - 19:06 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:10 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
[data]$ kill 3010
[data]$ tail log200704.txt
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:10 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:15 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:15:09 | 66.31.x.x |
| 27 Apr 2007 - 19:15 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |

Note the times.

The sequence of data collection is as follows:

• Right after the first tail, I save the page.
• Next I do a ps to show the hung process
• Several minutes later I do another ps to show the process still hung
• Then I do a tail of the log again to show that the the view is of the TWikiRegistration topic
• Then I kill the errant process
• Then I do a tail of the log once more to show that the save of the topic completes and the view of the topic refreshes

Here is some more information. If I successfully edit a short topic before editing the long topic, the TWikiRegistration topic never gets viewed prior to the long page save, and the problem does not occur. In other words, once I'm authenticated I never see the problem. If I remove enough text from the page I used above in the example, it stops exhibiting the problem. If I add enough text back it starts doing it again. This is very repeatable and consistent. I'm betting it's some kind of race condition between scripts that is timing dependent and the longer page puts me in some kind of deadlock zone (just a hunch).

I'm going to mark this Urgent, since this is one nasty bug that could easily be used to launch a denial of service attack against TWiki sites if it is not just my setup but universal. The hung process persists even if the browser is closed. Hung processes pile up if you open the page again and try to edit with a new session.

Here is information on what's running on the DreamHost server

• Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
• This is perl, v5.8.4 built for i386-linux-thread-multi
• PHP 4.4.4 (cgi) (built: Nov 7 2006 13:14:18)
  • Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
  • with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
  • with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

I have scrupulously detailed my TWiki Installation procedure for DreamHost and will include it here. I don't want to linkup my twiki right now, since it is vulnerable to this attack, but I will give developers a crack at it if they need to try something on my site.

HeckHowToSetupTwikiOnDreamHost

Here is some strace information on my hung view process. I only get the last line, since I attach after it is already hung.

[:~]$ strace -p 20519
Process 20519 attached - interrupt to quit
write(1, "<!DOCTYPE html PUBLIC \"-//W3C//D"..., 4096

-- JimHeck - 28 Apr 2007 Please let me know what other information I can provide that might be of assistance.

Also FYI, I'm having problems with my password login to the http://develop.twiki.org TWIKI site. My password stops working. I then needed to re-register at http://develop.twiki.org so I can edit pages again after my password stops working on this site. I've had to do it 3 times already. NOTE The password problem I'm reporting is not actually related to this bug report. I repeat, I am not having password problems with the DreamHost site that is exhibiting the hang behavior. Passwords seeem to work fine on my TWiki installation (other than bringing up two different password dialogs). The forgetting problem is specific to http://develop.twiki.org

-- TWiki:Main/JimHeck - 28 Apr 2007

Environment

-- CrawfordCurrie - 28 Apr 2007

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Just to be clear, I'm only having problems with passwords on your site http://develop.twiki.org NOT on my own Twiki hosted on DreamHost. Passwords on my TWIKI are remembered correctly and work correctly. It's the develop.twiki.org TWIKI that forgets passwords on me. I highly doubt this is anything on my end, since only my Firefox browser is involved when using the develop.twiki.org TWIKI.

-- JimHeck - 28 Apr 2007

There are many TWikis running on Dreamhost, and this is the first report of this kind. It is almost certainly something to do with your Apache configuration on Dreamhost; it is highly unlikely to be specific to TWiki. The fact that it is "forgetting" passwords suggests that there is something seriously wrong with your setup. Suggest you review the documentation on setting up dreamhost. Perhaps some other dreamhost users can advise?

-- CrawfordCurrie - 28 Apr 2007

Many Twikis may be hosted on DreamHost, but how many are using the latest Edinburgh 4.1.2 release? Theoretically this could be a newly introduced bug. If it is something to do with my Apache setup, I welcome any help or insight anyone has on what is causing it.

-- JimHeck - 28 Apr 2007

i'm successfully running many TWiki 4.1.2 and SVN MAIN installations on dreamhost (and many other developers do, too). i have been working on some installation instructions. tho really, he says it's about passwords on develop.twiki.org so i'm a still a bit confused...

-- WillNorris - 28 Apr 2007

Yes the password issue I shouldn't have mentioned in the initial bug report. It confused the issue. I repeat. The password problems (forgetting) I had were encountered when trying to register and report the bug on develop.twiki.org. They had nothing to do with the reported problem. My own DreamHost Twiki installation has passwords working OK. They are remembered and stored in .htpasswd under /data, and are not forgotten.

-- JimHeck - 28 Apr 2007

WRT develop.twiki.org

it says at the top of every topic in the bugs system....

NOTE: Do not register here at develop.twiki.org, please use your twiki.org account to login (login works here after one hour of registration on twiki.org).

I am working on the next release having a configure option to disable registration.

-- SvenDowideit - 28 Apr 2007

OK, so thanks to WillNorris' installation instructions above, I was able to find and eliminate the source of the problem. The bin/.htaccess.txt file that ships with TWiki 4.1.2 has uncommented a section for .htpasswd configuration. This was causing my TWiki to bring up two sets of authentication prompts when an unautheticated user tried to edit a page. The first was the "grey box" authentication dialog from the .htaccess configuration, the second was the normal TWiki template login. These two don't play nice together in the scenario I first described (see top of bug report). The result is the behaviour I described with the hanging view perl process that is trying to view the TWikiRegistration page.

By eliminating the redundant .htaccess stanza for .htpasswd authentication, along with the stanza at the very bottom of the file requiring a valid-user to edit the page, I fixed my problem. Now only the single TWiki template logon appears when an unauthenticated user attempts to edit a page, and there is no view of the TWikiRegistration registration page for the validated user (that was the process that was hanging). The edit completes successfully.

To explain what I'm talking about here is the diff between a working .htaccess and a non-working .htaccess

[bin]$ diff .htaccess-orig-works .htaccess-orig41,43c41,43
< #AuthUserFile /home/jheck/wiki.heckheck.com/data/.htpasswd
< #AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
< #AuthType Basic
---
> AuthUserFile /home/jheck/wiki.heckheck.com/data/.htpasswd
> AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
> AuthType Basic
95,97c95,97
< #<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
< #       require valid-user
< #</FilesMatch>
---
> <FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
>        require valid-user
> </FilesMatch>

I did a test using the non-working version of the file followed by one using the working version. The difference in the page access logs under /data shows that the TWikiRegistration page is not accessed in the working case.

Non-working

| 29 Apr 2007 - 06:21 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:21 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:22 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:22 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:22 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 29 Apr 2007 - 06:22 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x | 

| 29 Apr 2007 - 06:22 | JimHeck | save | Computing.FooTopic | repRev 4 by JimHeck 2007/04/29 13:22:39 | 66.31.x.x |
| 29 Apr 2007 - 06:22 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |

Working

| 29 Apr 2007 - 06:23 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:23 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:23 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 29 Apr 2007 - 06:23 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 29 Apr 2007 - 06:23 | JimHeck | save | Computing.FooTopic | repRev 4 by JimHeck 2007/04/29 13:23:41 | 66.31.x.x |
| 29 Apr 2007 - 06:23 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |

-- JimHeck - 29 Apr 2007

OK, thanks Jim, good tip. Can you suggest how to make this error less likely to be encountered and easier to understand? It would be great if you could propose better documentation....

-- CrawfordCurrie - 14 May 2007