SID-01588: Insecure dependency in open while running with -T switch
Status: Answered
TWiki version: 5.1.2
Perl version: 5.014002 (linux)
Category: CategoryInstallation
Server OS: Linux 2.6.42-26-generic (x86_64-linux-gnu-thread-multi)
Last update: 13 years ago
When trying to rename a topic I'm getting the following error
Insecure dependency in open while running with -T switch at /var/www/twiki/lib/TWiki/Store/RcsFile.pm line 793., referer: http://211.30.29.35:65112/twiki/bin/rename/Main/VersionControl
Thanks
--
LeoList - 2012-11-19
Discussion and Answer
Not sure, and I can't reproduce it on my system. Time to debug. Could you add this just before line 793, e.g. before open($FILE, '>', $name ) || in twiki/lib/TWiki/Store/RcsFile.pm, and see what stacktrace output you get:
use Carp;
confess "saveFile( $name )";
--
PeterThoeny - 2012-11-19
Added the 2 lines, but now get this error
TWiki detected an internal error - please check your TWiki logs and webserver logs for more information.
saveFile( path )
--
LeoList - 2012-11-19
Enabled Carp slightly different and get the following output
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] Insecure dependency in open while running with -T switch at /var/www/twiki/lib/TWiki/Store/RcsFile.pm line 797., referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] at /var/www/twiki/lib/TWiki/Store/RcsFile.pm line 797, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::Store::RcsFile::saveFile('TWiki::Store::RcsWrap=HASH(0x2983ab8)', '/var/www/twiki/data/CASISBusiness/WebHome.lock', 'LeoList\\x{a}1353308199') called at /var/www/twiki/lib/TWiki/Store/RcsFile.pm line 648, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::Store::RcsFile::setLock('TWiki::Store::RcsWrap=HASH(0x2983ab8)', 1, 'LeoList') called at /var/www/twiki/lib/TWiki/Store.pm line 1299, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::Store::lockTopic('TWiki::Store=HASH(0x1c645d0)', 'LeoList', 'CASISBusiness', 'WebHome') called at /var/www/twiki/lib/TWiki/UI/Manage.pm line 1384, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::Manage::_updateReferringTopics('TWiki=HASH(0x1473c08)', 'CASISBusiness', 'LeosTest3', 'Trash', 'CASISBusinessLeosTest3', 'ARRAY(0x1c1c240)') called at /var/www/twiki/lib/TWiki/UI/Manage.pm line 1009, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::Manage::move('TWiki=HASH(0x1473c08)', 'CASISBusiness', 'LeosTest3', 'Trash', 'CASISBusinessLeosTest3', '', 'ARRAY(0x1c1c240)') called at /var/www/twiki/lib/TWiki/UI/Manage.pm line 498, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::Manage::rename('TWiki=HASH(0x1473c08)') called at /var/www/twiki/lib/TWiki/UI.pm line 199, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 416, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] eval {...} called at /usr/share/perl5/Error.pm line 408, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] Error::subs::try('CODE(0x1457b60)', 'HASH(0x27bffd8)') called at /var/www/twiki/lib/TWiki/UI.pm line 267, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::execute('TWiki::Request=HASH(0x1b3ce18)', 'CODE(0x1b93ad0)', 'rename', 1) called at /var/www/twiki/lib/TWiki/UI.pm line 175, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::UI::handleRequest('TWiki::Request=HASH(0x1b3ce18)') called at /var/www/twiki/lib/TWiki/Engine/CGI.pm line 47, referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
[Mon Nov 19 17:56:39 2012] [error] [client 192.168.1.1] TWiki::Engine::CGI::run('TWiki::Engine::CGI=HASH(0x18e2350)') called at /var/www/twiki/bin/rename line 43., referer: http://211.30.29.35:65112/twiki/bin/rename/CASISBusiness/LeosTest3?newweb=Trash&nonwikiword=on
--
LeoList - 2012-11-19
Is there anything else I can try?
Thanks
--
LeoList - 2012-11-19
Not sure. Check that the {SafeEnvPath} is valid and the dirs are not writable by the webserver user. Make sure all {RCS}{...Cmd} are correct and the dirs are not writable by the webserver user.
--
PeterThoeny - 2012-11-19
Sorry, but not only do I know nothing about Perl, I'm also a complete novice as far as TWiki is concerned.
I did fix the dirs in {SafeEnvPath} before to fix another problem I had, so they are ok and had a look at all the other files involved and they are all owned by root and have no world write access.
One thing I did notice is that the deletion/move does work despite the error message.
I guess the trick is to find out the file/path. Not sure why your original suggestion gives an error, but maybe if this can be resolved we can find out the file in question.
Cheers
--
LeoList - 2012-11-20
ok. ran with use diagnostics
eval {...} called at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x1744b60)', 'HASH(0x2ac4420)') called at /var/www/twiki/lib/TWiki/UI.pm line 267
TWiki::UI::execute('TWiki::Request=HASH(0x1e29e18)', 'CODE(0x1e80ad0)', 'rename', 1) called at /var/www/twiki/lib/TWiki/UI.pm line 175
TWiki::UI::handleRequest('TWiki::Request=HASH(0x1e29e18)') called at /var/www/twiki/lib/TWiki/Engine/CGI.pm line 47
TWiki::Engine::CGI::run('TWiki::Engine::CGI=HASH(0x1bcf350)') called at /var/www/twiki/bin/rename line 43.
--
LeoList - 2012-11-20
Thanks for the stack trace, that helped. Studying the code, I could identify an issue and came up with the following untested patch. Could you please apply the patch and let me know if this fixes the issue? For the test, make sure you fix backlinks on rename!
--- lib/TWiki/UI/Manage.pm (revision 24029)
+++ lib/TWiki/UI/Manage.pm (working copy)
@@ -1292,8 +1292,18 @@
my $query = $session->{request};
my @result;
- foreach my $topic ( $query->param( 'referring_topics' ) ) {
- push @result, $topic;
+ foreach my $webTopic ( $query->param( 'referring_topics' ) ) {
+ my ( $aWeb, $aTopic ) = $session->normalizeWebTopicName( '', $webTopic );
+
+ # Sanitize web and topic
+ $aWeb =~ s/$TWiki::cfg{NameFilter}//go;
+ $aWeb = TWiki::Sandbox::untaintUnchecked( $aWeb );
+ $aTopic =~ s/$TWiki::cfg{NameFilter}//go;
+ $aTopic = TWiki::Sandbox::untaintUnchecked( $aTopic );
+ # Skip topics that fail validation
+ next if( length( $aWeb ) == 0 || length( $aTopic ) == 0 );
+
+ push( @result, "$aWeb.$aTopic" );
}
return \@result;
}
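Review bot: In the new loop body, the two TWiki::Sandbox::untaintUnchecked calls clear the taint flag without checking anything, so the s/$TWiki::cfg{NameFilter}//go substitutions just before them are the only validation $aWeb and $aTopic receive. Because the substitution strips characters instead of rejecting the value, a submitted name that contained filtered characters is silently rewritten, and the rewritten "$aWeb.$aTopic" is what gets pushed onto @result; I would compare each value before and after filtering and "next" when they differ, in addition to the existing length check. A short comment stating that these values come from the referring_topics request parameter, and that this is why they are untainted here, would also help the next reader.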
--
PeterThoeny - 2012-11-21
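The failure in this thread and a validating untaint, as an added example that is not part of the original posts and is not TWiki code: a request-derived name reaching open() under -T, then the same name passed through an allow-list regex whose captures are clean only when the whole value matches. The parameter values, the $WEB_TOPIC pattern and the sub names are assumptions made for the illustration; run it with perl -T.

```perl
#!/usr/bin/perl -T
# Added example, not TWiki code. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempdir);

# Constructed stand-ins for referring_topics values. Appending a zero-length
# tainted string marks each one tainted, as a real CGI parameter would be.
my $TAINT  = substr( "$0$^X", 0, 0 );
my @params = map { $_ . $TAINT }
  ( 'Main.WebHome', '../../tmp/evil', 'Main.Web;Home', 'NoWebPart' );

my $dataDir = tempdir( CLEANUP => 1 );    # stands in for twiki/data

# Hypothetical allow-list (an assumption, not TWiki's NameFilter).
my $WEB_TOPIC = qr/\A([A-Za-z0-9_]+)\.([A-Za-z0-9_]+)\z/;

# Validating untaint: the captures are clean only because the whole value
# matched the allow-list. Returns an empty list on mismatch.
sub validated {
    my ($value) = @_;
    return $value =~ $WEB_TOPIC ? ( $1, $2 ) : ();
}

# Write a lock file the way the failing call did; open() dies under -T
# if any part of $path is tainted.
sub write_lock {
    my ($path) = @_;
    open( my $fh, '>', $path ) or die "open $path: $!";
    print {$fh} "lock\n";
    close($fh);
    return 1;
}

for my $p (@params) {
    # 1. Raw parameter in the path: taint mode stops the open.
    my $raw = "$dataDir/$p.lock";
    my $ok  = eval { write_lock($raw) };
    printf "%-16s raw: tainted=%d %s\n", $p, tainted($raw) ? 1 : 0,
      $ok ? 'opened' : 'blocked (' . ( split /\n/, $@ )[0] . ')';

    # 2. Validated parameter: rejected outright or safe to use.
    if ( my ( $web, $topic ) = validated($p) ) {
        write_lock("$dataDir/$web.$topic.lock");
        print "  accepted as $web.$topic\n";
    }
    else { print "  rejected\n"; }
}
```

Every raw path is blocked with the same "Insecure dependency in open" message seen in the thread, and only Main.WebHome passes the allow-list; the other three are rejected rather than rewritten.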
Works like a charm.
Thanks
--
LeoList - 2012-11-21
I am glad it worked out. Tracked in TWikibug:Item7051.
--
PeterThoeny - 2012-11-21