2006-02-17T00:05:56  <xorAxAx> [PERIODIC ANNOUNCEMENT] Logs can be found on http://moinmoin.wikiwikiweb.de/MoinMoinChat/Logs/moin-dev
2006-02-17T14:26:18  <xorAxAx> ThomasWaldmann: there is a parser/formatter patch on the ML, can you review it?
2006-02-17T14:27:00  <ThomasWaldmann> later
2006-02-17T14:28:49  <xorAxAx> as long as you dont forget it :)
2006-02-17T14:39:19  <ThomasWaldmann> we have a wiki for such stuff
2006-02-17T16:23:51  <starshine> ThomasWaldmann: and sometimes it even responds :) we're surged again
2006-02-17T16:27:13  <xorAxAx> i dont believe him that the surge cases started when he integrated the code. that doesnt make any sense :)
2006-02-17T16:34:40  <starshine> doesn't fit. my site's been under ns and crawler attack before (we finally completed a configuration that shoots down the NS creeps) and my site doesn't melt down this way
2006-02-17T16:35:00  <starshine> although admitted if our pipe's full it's close :)
2006-02-17T16:41:30  <starshine> patch 407 is first mention of surge suppression code. 006-01-29 00:13:25 GMT
2006-02-17T16:41:41  <starshine> *2006
2006-02-17T16:42:49  <starshine> 444 is the current one in my fetched tla tree
2006-02-17T16:43:34  <ThomasWaldmann> xorAxAx: believe less
2006-02-17T16:43:57  <ThomasWaldmann> i've deactivated sp now and restarted the stuff
2006-02-17T16:44:16  <starshine> \o/
2006-02-17T16:44:42  * starshine reaches MoinMoinEtymology page in record time for the week
2006-02-17T16:47:32  <ThomasWaldmann> that's because of the restart. it is fast after restarting, no matter if sp is on or off.
2006-02-17T17:07:19  <xorAxAx> ThomasWaldmann: maybe its the indexing code which gets into a loop?
2006-02-17T17:08:22  <ThomasWaldmann> why should it?
2006-02-17T17:09:59  <xorAxAx> umm, because lupy code is known to be a little erratic? :)
2006-02-17T17:10:12  <xorAxAx> but as long as we dont have any tracebacks, we cannot know
2006-02-17T17:14:39  <ThomasWaldmann> maybe look at the code instead of making wild guesses
2006-02-17T17:19:11  <xorAxAx> no, i wont
2006-02-17T17:19:23  <xorAxAx> as you havent looked at it either. its quite much
2006-02-17T17:19:28  <xorAxAx> (incl. lupy etc.)
2006-02-17T17:19:42  <xorAxAx> but you can create a traceback next time it stalls
2006-02-17T17:20:21  <starshine> .o( can we have it self detect a stall and restart ?
2006-02-17T17:20:56  <starshine> stall detection would have been nice for the socket wedging problem I tripped over a long while back
2006-02-17T17:21:51  <xorAxAx> its not really stalling (that would be 0% cpu usage)
2006-02-17T17:22:14  <xorAxAx> its going to 100%, i.e. threads may be in an endless loop
2006-02-17T17:23:28  <ThomasWaldmann> is there a working method now to make a traceback?
2006-02-17T17:23:30  <starshine> hm then it'd be a little stuck to do something about it too :/
2006-02-17T17:23:51  <xorAxAx> ThomasWaldmann: yeah, with the posted gdb file and a python debug build
2006-02-17T17:24:01  <xorAxAx> ThomasWaldmann: that should work in any case
2006-02-17T17:24:04  <ThomasWaldmann> there is no python debug build yet
2006-02-17T17:24:14  <xorAxAx> umm, thats a matter of calling configure
2006-02-17T17:24:21  <xorAxAx> dont you like building python?
2006-02-17T17:24:25  <ThomasWaldmann> later...
2006-02-17T17:25:16  <xorAxAx> #python couldnt tell me why the other method didnt work
2006-02-17T17:46:56  <xorAxAx> for the record - the patch was submitted as a bug item
2006-02-17T17:47:06  <xorAxAx> (the one i was talking about earlier)
2006-02-17T17:48:09  <xorAxAx> at least one of the discussed issues is new since you/Fabi fiddled with the escape-kwargs
2006-02-17T17:48:21  <xorAxAx> --> we have new XSS issues
2006-02-17T17:48:30  <xorAxAx> --> fun
2006-02-17T17:50:08  <xorAxAx> ah, no, at least no. 4 cannot be exploited as XSS
2006-02-17T19:12:41  <xorAxAx> so we need a security check for tuples or lists to avoid strings in the superuser setting
2006-02-17T19:12:50  <xorAxAx> (why wasnt it called superusers ...)
2006-02-17T19:21:12  <ThomasWaldmann> xorAxAx: the sample configs had a correct entry. that guy must have deleted it and added a wrong one.
2006-02-17T19:21:28  <xorAxAx> yeah, i didnt doubt that
2006-02-17T19:21:50  <ThomasWaldmann> but we could check user.valid
2006-02-17T19:21:50  <xorAxAx> but nevertheless its a source of unnoticed user errors with a big impact on security
2006-02-17T19:22:10  <xorAxAx> in any case, we need an isSuperUser method
2006-02-17T19:22:18  <xorAxAx> in order to remove duplicate code
2006-02-17T22:31:19  <ThomasWaldmann> xorAxAx: JFYI: twisted runs at 100% currently
2006-02-17T22:36:57  <xorAxAx> ok :)
2006-02-17T22:37:03  <xorAxAx> so we know that it is lupy
2006-02-17T22:37:17  <xorAxAx> things can be so simple :)
2006-02-17T22:39:53  <dreimark> xorAxAx:should I add a patch about DE and superuser
2006-02-17T22:40:37  <dreimark> if self.request.user.name and self.request.user.name in self.request.cfg.superuser:
2006-02-17T22:40:41  <dreimark> in userform.py
2006-02-17T22:40:45  <dreimark> line 474
2006-02-17T22:41:01  <xorAxAx> dreimark: no, why?
2006-02-17T22:41:13  <xorAxAx> i think we already talked about this issue, didnt we?
2006-02-17T22:41:20  <xorAxAx> you can find it in the logs ...
2006-02-17T22:41:30  <dreimark> yes we did it was on 5th
2006-02-17T22:41:44  <dreimark> probably this user requests here http://moinmoin.wikiwikiweb.de/MoinMoinFragen
2006-02-17T22:42:54  <xorAxAx> no, thats not related
2006-02-17T22:43:01  <xorAxAx> the user had a string set as superuser
2006-02-17T22:43:04  <xorAxAx> if you mean that
2006-02-17T22:43:10  <xorAxAx> (last item)
2006-02-17T22:43:28  <dreimark> thats from Thomas
2006-02-17T22:43:41  <xorAxAx> which item do you mean on that page?
2006-02-17T22:43:44  <dreimark> there is no name used in the name field
2006-02-17T22:44:00  <xorAxAx> ?
2006-02-17T22:44:25  <dreimark> you don't need to use any username in DE if you have set one user as superuser
2006-02-17T22:44:36  <dreimark> no login just select for everyone
2006-02-17T22:44:39  <xorAxAx> as i said, i want to avoid that
2006-02-17T22:45:03  <xorAxAx> and it doesnt make any sense either except if you have multiple personalities
2006-02-17T22:45:17  <xorAxAx> please use a local wikiconfig and create an account
2006-02-17T22:45:49  <dreimark> there was one the last days using DE as zeroconfig wiki
2006-02-17T22:46:25  <xorAxAx> yeah, exactly
2006-02-17T22:46:40  <xorAxAx> then they think about configuring and the first thing they add is interface = ""
2006-02-17T22:46:46  <xorAxAx> and then you have a problem
2006-02-17T22:47:15  <xorAxAx> my point is - no zero-config user needs to switch accounts
2006-02-17T22:47:24  <xorAxAx> either he has none or just one
2006-02-17T22:47:28  <dreimark> and if he adds only one name to superuser all users get this ability to login as everyone
2006-02-17T22:47:47  <dreimark> normally yes but this one talks about a small group users
2006-02-17T22:48:31  <dreimark> they use DE different as supposed
2006-02-17T22:48:48  <dreimark> may be limit the no of accounts to 1
2006-02-17T22:48:58  <xorAxAx> ?
2006-02-17T22:49:10  <xorAxAx> i dont see your problem
2006-02-17T22:49:27  <xorAxAx> if they use the wiki by multiple persons, then they can afford the time adding that line
2006-02-17T22:49:31  <dreimark> In the past I thought DE is just only for me (one user)
2006-02-17T22:49:32  <xorAxAx> thats beyond desktop usage to me
2006-02-17T22:49:47  <xorAxAx> now your colleagues want to peek
2006-02-17T22:49:53  <xorAxAx> but they dont want to be you
2006-02-17T22:50:26  <xorAxAx> this is about security ...
2006-02-17T22:50:34  <dreimark> yeah
2006-02-17T22:51:06  <dreimark> probably they don't use it for peek they try to use it regular
2006-02-17T22:51:55  <xorAxAx> "try to use it regularly"?
2006-02-17T22:52:05  <xorAxAx> umm, how is that? they have their own account
2006-02-17T22:52:26  <dreimark> and one is superuser
2006-02-17T22:52:54  <xorAxAx> yeah and he can afford the time adding that line :)
2006-02-17T22:53:03  <dreimark> he has to know
2006-02-17T22:53:15  *** irc.freenode.net sets mode: +o ChanServ
2006-02-17T22:53:26  <dreimark> there is no hint about
2006-02-17T22:53:37  <dreimark> what is different in configuration acls ...
2006-02-17T22:54:39  <dreimark> normally nothing for a personal moin matter
2006-02-17T22:55:05  <xorAxAx> switching users is nothing for a personal matter either
2006-02-17T22:55:57  <dreimark> if you have only one user right it's impossible
2006-02-17T22:56:38  <xorAxAx> even if you have two users, i dont see any use case :)
2006-02-17T22:57:42  <dreimark> my be superuser should be disabled for DE
2006-02-17T22:57:44  <dreimark> may
2006-02-17T22:58:01  <xorAxAx> then he couldnt install his language package
2006-02-17T22:58:19  <dreimark> ok
2006-02-17T22:58:40  <dreimark> but normally it is not defined in wikiconfig.py
2006-02-17T22:59:24  <dreimark> if an existing username is added to this it makes the difference
2006-02-17T23:01:02  <xorAxAx> right. because of that users from localhost are handled differently
2006-02-17T23:02:02  <dreimark> if one tries all features of mm he could not try this one it is very different and he should know this
2006-02-17T23:02:59  <xorAxAx> right, i dont mind, sorry :)
2006-02-17T23:03:27  <xorAxAx> this is "practical value (security implications) vs. wishes of the marketing department"
2006-02-17T23:03:38  <dreimark> always
2006-02-17T23:05:01  <dreimark> so what could be done
2006-02-17T23:05:29  <xorAxAx> quite simple
2006-02-17T23:05:53  <xorAxAx> we need a wizard that creates config files and a first user on the first requests
2006-02-17T23:06:11  <dreimark> lol
2006-02-17T23:06:59  <dreimark> too simple :-)
2006-02-17T23:07:16  <xorAxAx> it is simple from the user's point of view
2006-02-17T23:07:23  <xorAxAx> and simple from the security point of view
2006-02-17T23:08:14  <dreimark> do you then restrict DE just only for this user
2006-02-17T23:08:17  <dreimark> ?
2006-02-17T23:08:44  <xorAxAx> no, just that user will have admin/superuser rights by default
2006-02-17T23:09:03  <dreimark> internal or by this var
2006-02-17T23:10:37  <dreimark> and do you add this line if self.request.user.name ...
2006-02-17T23:10:57  <xorAxAx> ?
2006-02-17T23:11:14  <dreimark> I don't know how to say it
2006-02-17T23:11:43  <dreimark> if you have one user yourself and you  add this name to superuser
2006-02-17T23:11:56  <dreimark> everyone who is able to login to your machine
2006-02-17T23:12:08  <dreimark> could login to DE with your name without a password
2006-02-17T23:12:24  <xorAxAx> hmm, no
2006-02-17T23:12:32  <xorAxAx> he has to know the superuser pwd first
2006-02-17T23:12:42  <dreimark> no
2006-02-17T23:13:47  <dreimark> he needs neither to know a name nor a password, it is exactly like the one on MoinMoinFragen
2006-02-17T23:14:12  <dreimark> he gets the users listed and could select one
2006-02-17T23:14:20  <dreimark> then the cookie is set
2006-02-17T23:14:25  <dreimark> and he is logged in
2006-02-17T23:14:59  <xorAxAx> this is only possible in case of a misconfiguration
2006-02-17T23:15:03  <dreimark> no
2006-02-17T23:15:20  <xorAxAx> DE doesnt do the localhost check for that su thingie
2006-02-17T23:15:51  <dreimark> use DE, set superuser to your name, then logout and select login
2006-02-17T23:16:21  <xorAxAx> it did not delete your cookie?
2006-02-17T23:16:28  <xorAxAx> then you should file a bug
2006-02-17T23:16:37  <dreimark> logout deletes the cookie
2006-02-17T23:17:06  <dreimark> but while everyone on the machine (localhost) has superuser if one is added to this var
2006-02-17T23:17:21  <dreimark> everyone could login as everyone
2006-02-17T23:17:23  <xorAxAx> no, not everyone using it from localhost is superuser
2006-02-17T23:17:32  <xorAxAx> but they can use the packageinstaller
2006-02-17T23:17:42  <dreimark> is that complicated
2006-02-17T23:17:42  <xorAxAx> so it is a risk on a multiuser system, indeed
2006-02-17T23:17:51  <xorAxAx> yeah, it is :)
2006-02-17T23:18:07  <dreimark> the problem is adding a username to superuser
2006-02-17T23:18:15  <dreimark> on DE
2006-02-17T23:18:20  <xorAxAx> hmm, yeah, configuration in general
2006-02-17T23:19:38  <dreimark> I file a bug report and the patch but this should be tested carefully
2006-02-17T23:19:51  <dreimark> I don't know much about the changes for DE
2006-02-17T23:20:23  <xorAxAx> what do you want to patch?
2006-02-17T23:20:44  <xorAxAx> there is no real problem here except for PI usage by unprivileged users on a multiuser system
2006-02-17T23:20:49  <dreimark> userform.py
2006-02-17T23:20:55  <dreimark> line 474
2006-02-17T23:21:05  <dreimark> may be  if self.request.user.name and self.request.user.name in self.request.cfg.superuser:
2006-02-17T23:21:45  <xorAxAx> in order to fix the problem seen in the wiki?
2006-02-17T23:22:10  <xorAxAx> yeah, but at least i wont apply that patch but factor out that code into a User.method
2006-02-17T23:22:22  <dreimark> yeah and to prevent for login without superuser password
2006-02-17T23:24:00  <xorAxAx> i will read the log and have to learn for maths now ...
2006-02-17T23:24:07  <dreimark> may be that is better because it was not needed for MM
2006-02-17T23:24:13  <dreimark> ok

MoinMoin: MoinMoinChat/Logs/moin-dev/2006-02-17 (last edited 2007-10-29 19:08:02 by localhost)