Bug: Topic rename fails on Codev
I tried to rename TocBreaksOnIdenticallyNamedSections today (29 Nov 2004, about 12:20 Central) and got this message:
Software error:
Insecure dependency in open while running with -T switch at /home/groups/t/tw/twiki/cgi-bin/TWiki/Store.pm line 867.
It appears that the rename did actually occur, though.
Test case
Environment
--
DavidBright - 29 Nov 2004
Follow up
I had the same issue, see RenameTaintErrorOnTWikiOrg. Also happened to MartinCleaver, see his comment about rename on about 26 Nov 2004 on CoffeeBreak.
Unfortunately the rename code is rather hairy - however, the recent attention to TWikiSecurity and in particular TaintChecking may mean this gets fixed.
This should be considered a security-related bug - while it's not a hole it indicates something odd in the use of tainting.
--
RichardDonkin - 30 Nov 2004
The rename code actually isn't too bad, as long as you read the DEVELOP codebase.
Anyway, the "error" relates to the opening of the .changes file for write during a topic save operation. I have no idea why it thinks this is tainted.
--
CrawfordCurrie - 30 Nov 2004
Fix record
I think I found the issue. As Crawford mentioned, the taint error happens in the rename script while opening the .changes file for write during a topic save operation. This is for the destination web during rename. Reading the code, the new name of the web is received from the 'newweb' parameter and passed to Store untainted. Store untaints the variable for the topic save operation, but the update of the .changes file happens in an untainted path. Not sure why it does not fail all the time though.
Fix:
-bash-2.05b$ diff -c8 bu6 Manage.pm
*** bu6/Manage.pm 2004-08-08 03:40:48.000000000 -0700
--- Manage.pm 2005-01-22 22:35:07.000000000 -0800
***************
*** 390,405 ****
--- 390,411 ----
my $currentWebOnly = $query->param( 'currentwebonly' ) || "";
my $doAllowNonWikiWord = $query->param( 'nonwikiword' ) || "";
my $justChangeRefs = $query->param( 'changeRefs' ) || "";
my $skin = $query->param( "skin" ) || TWiki::Prefs::getPreferencesValue( "SKIN" );
$newTopic =~ s/\s//go;
$newTopic =~ s/$TWiki::securityFilter//go;
+ $newTopic =~ /(.*)/;
+ $newTopic = $1;
+ $newWeb =~ s/\s//go;
+ $newWeb =~ s/$TWiki::securityFilter//go;
+ $newWeb =~ /(.*)/;
+ $newWeb = $1;
if( ! $theAttachment ) {
$theAttachment = "";
}
my $wikiUserName = &TWiki::userToWikiName( $userName );
# justChangeRefs will be true when some topics that had links to $oldTopic
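Review bot: the added $newTopic =~ /(.*)/ and $newWeb =~ /(.*)/ captures match any value, so they clear the taint flag without validating anything, and the result is only as safe as the s/\s//go and s/$TWiki::securityFilter//go lines before them. Capture with an anchored pattern that describes a legal topic or web name instead, and stop the rename when it does not match. A short comment marking these lines as a deliberate untaint would also help the next reader, since nothing in the hunk says why a match that changes nothing is there.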
I did some tests and it looks fine. However this was an intermittent error, so more tests are needed. Please stress test TWiki on TWiki.org and report any issues here.
Note: Check-in into MAIN and DEVELOP is pending.
--
PeterThoeny - 23 Jan 2005
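The taint behaviour discussed in the fix record above, as an added example that is not part of the original thread or of TWiki's code: a tainted name reproduces the "Insecure dependency in open" error, the /(.*)/ capture from the patch clears the flag for any value, and an anchored allow-list clears it only for names that match. The allow-list pattern, the sample inputs and the /nonexistent-demo-data path are assumptions made for the demonstration.

```perl
# Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T every value in %ENV is tainted; a zero-length substring keeps the flag.
my $TAINT = substr( join( '', values %ENV ), 0, 0 );
die "run with: perl -T $0\n" unless tainted($TAINT);

# Hypothetical allow-list for a web name (an assumption, not TWiki's own rule).
my $WEB_NAME = qr/\A([A-Z][A-Za-z0-9_]*)\z/;

# The idiom from the patch: capture everything, which only clears the flag.
sub launder {
    my ($value) = @_;
    $value =~ /(.*)/;
    return $1;
}

# Untaint only when the whole value matches the allow-list.
sub untaint_web {
    my ($value) = @_;
    return $value =~ $WEB_NAME ? $1 : undef;
}

# Stand-in for the .changes update. Perl checks taint before touching the file,
# and the directory does not exist, so nothing is ever written.
sub try_open {
    my ($web) = @_;
    return 'rejected before open' unless defined $web;
    my $path = "/nonexistent-demo-data/$web/.changes";
    return "open attempted on $path" if eval { open( my $fh, '>>', $path ); 1 };
    ( my $err = $@ ) =~ s/ at .*//s;
    return "died: $err";
}

# Constructed sample inputs, tainted the way a CGI parameter would be.
for my $sample ( 'Codev', 'Codev/../Main' ) {
    my $param = $sample . $TAINT;
    print "'$sample' (tainted: ", ( tainted($param) ? 'yes' : 'no' ), ")\n";
    print "  raw        -> ", try_open($param), "\n";
    print "  /(.*)/     -> ", try_open( launder($param) ), "\n";
    print "  allow-list -> ", try_open( untaint_web($param) ), "\n";
}
```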
I tried moving Main.RubyProgrammingLanguage to Codev.RubyProgrammingLanguage and got a 500 error after clicking on "More topic actions" (~20:20 UTC).
--
WillNorris - 24 Jan 2005
I had the same problem when I tried to rename that topic, so I moved it manually.
--
SamHasler - 24 Jan 2005
This error in the "more" screen in the Main web is unrelated to this issue here. The Main web has many topics, the "More" screen shows the list of all files to set a new parent. This hits a SourceForge hosting limit, probably a killed cgi script due to using too many resources (memory?).
--
PeterThoeny - 25 Jan 2005
Unassigned from Dakar, because there's nothing specific to fix.
--
CrawfordCurrie - 16 Feb 2005