[pmwiki-users] Bug: mkdirp crashes

Joachim Durchholz jo at durchholz.org
Sat Apr 9 15:58:42 CDT 2005


Hi all,

there's a bug in mkdirp that will make it recurse endlessly trying to 
create directory '.', resulting in the error message:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to 
allocate 10 bytes) in /path/to/pmwiki/pmwiki.php on line 365

The bug will probably turn up only under unusual permission/ownership 
settings (I just inadvertently unpacked the .tgz using the wrong userid, 
and PmWiki ran just fine before that).

Fix:

In function "mkdirp", change line 365 to read

   if ($dir == '.' || file_exists($dir)) return;

(the check for '.' is new).

This is just a symptom-suppression fix. All it does is allowing PmWiki 
to run to completion or to a point where the permission/ownership 
problem really matters.
When applied, I get the following messages:

--- snip ---
Warning: mkdir(): SAFE MODE Restriction in effect. The script whose uid 
is 502 is not allowed to access wiki.d owned by uid 639 in 
/home/htdocs/web2/html/shamanca/pmwiki/pmwiki.php on line 368

Warning: fileperms(): SAFE MODE Restriction in effect. The script whose 
uid is 502 is not allowed to access 
/home/htdocs/web2/html/shamanca/pmwiki owned by uid 30 in 
/home/htdocs/web2/html/shamanca/pmwiki/pmwiki.php on line 374
PmWiki can't process your request

PmWiki needs to have a writable wiki.d/ directory before it can 
continue. [...]

--- snip ---

I also noted a few minor bugs and nits to pick in mkdirp. I don't know 
whether any of these are relevant, so I simply list all of them.

1) $safemode is always initialised, but not used unless an error occurs.
2) In case of problems, $perms is calculated, but not used unless PHP is 
running in safe mode.
3) Directories are created with mode 0777 (rwxrwxrwx). This opens a 
small window of vulnerability until the permissions are fixed. It's 
probably better if the directories are created with mode 0000. (This 
might be more difficult to fix than what it's worth, but it's definitely 
something to fix as soon as crackers start to target PmWiki.)
4) I don't know why mkdirp tries to create '.'. Must be some borderline 
behavior of dirname, mkdir, or fixperms.
5) If mkdirp fails due to owner mismatch problems, it shouldn't output a 
message telling the administrator that he can fix the problem with a 
chmod. No message would be better, pointing the admin to chown (resp. 
"rm -rf" followed by "su" or "sudo") would be best.

Regards,
Jo



More information about the pmwiki-users mailing list