| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
66315
|
Wed Apr 15 09:26:37 2009 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug fix | All | 2.7.6 | Re: Long cookie content is not handled properly. |
| Simon Patton wrote: | I discovered the infinite loop in 2.7.5 which can happen when a cookie's content is longer that the cookie array
designed to hold it. I also note that this issue has been addressed in 2.7.6, but the solution does not appear
to be correct and it can end up completely confusing the cookie extraction.
In 2.7.5 the code was:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; )
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p++;
While in 2.7.6 is became:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n';)
if (i < (int) sizeof(cookie) - 1)
cookie[i++] = *p++;
else
break;
This leaves 'p' pointing to the middle of the cookie's content and I can not see that this is corrected in the loop (sorry if I've missed that).
The solution I used to patch 2.7.5 was the following:
for (i = 0; *p && *p != ';' && *p != '\r' && *p != '\n' ; ++p)
if (i < (int) sizeof(cookie)-1)
cookie[i++] = *p;
which simply truncates the contents of the cookie (which is assumed not to be an elogd cookie) but leaves 'p' in the right place to extract the next one. |
You're absolutely right about that. I incorporated your patch into revision #2192. |
|
66325
|
Tue Apr 21 16:29:23 2009 |
 | Joseph Le | josephle9@gmail.com | Question | Windows | 2.7.6 | Is there a way to import old log messages |
I update my elog from version 2.7.5 to 2.7.6 and mistakenly replace configuration file. so i have to reconfigure everything from ground up. when my elog back online, old log messages are not show up. is there a way to import old log messages from old log book to new one.
thanks |
|
66328
|
Fri Apr 24 09:03:05 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | 2.7.6 | Re: Is there a way to import old log messages |
| Joseph Le wrote: |
|
I update my elog from version 2.7.5 to 2.7.6 and mistakenly replace configuration file. so i have to reconfigure everything from ground up. when my elog back online, old log messages are not show up. is there a way to import old log messages from old log book to new one.
thanks
|
You don't have to import old log book messages, they should be shown automatically (as long as you don't overwrite your configuration file mistakenly). If you had a different logbook name (not "demo") your files will still be there under c:\Program Files\ELOG\logbooks\<logbook name>. Just add the proper name in elogd.cfg, restart elogd and you will see your old messages. |
|
66332
|
Tue Apr 28 21:25:31 2009 |
| Dongwook Jang | dwjang@fnal.gov | Question | Linux | 2.7.6 | elogd runs by a user but not by root |
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook |
|
66333
|
Wed Apr 29 07:52:57 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.7.6 | Re: elogd runs by a user but not by root |
| Dongwook Jang wrote: |
|
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook
|
That's a security issue. If elogd runs under a user and gets hacked, the hacker obtains just the user rights, which can be limited. If it runs under root, the hacker will automatically get root rights, which is bad. Technically, there is no reason why elogd cannot be run as root. Just put
Usr = root
Grp = root
into elogd.cfg. |
|
66335
|
Wed Apr 29 18:20:38 2009 |
| Dongwook Jang | dwjang@fnal.gov | Question | Linux | 2.7.6 | Re: elogd runs by a user but not by root |
| Stefan Ritt wrote: |
|
| Dongwook Jang wrote: |
|
Hi,
I really don't understand why elogd cannot run by root but it runs by a user.
I've put elog deamon in /etc/init.d. So it didn't bring up, but it runs if I run it by user interactively.
Thanks,
Dongwook
|
That's a security issue. If elogd runs under a user and gets hacked, the hacker obtains just the user rights, which can be limited. If it runs under root, the hacker will automatically get root rights, which is bad. Technically, there is no reason why elogd cannot be run as root. Just put
Usr = root
Grp = root
into elogd.cfg.
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook |
|
66336
|
Thu Apr 30 08:40:43 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.7.6 | Re: elogd runs by a user but not by root |
| Dongwook Jang wrote: |
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook
|
The normal situation is that elogd gets started by root under /etc/init.d/, then the configuration file contains "Usr = elog" and "Grp = elog", so after it has been started as root, the program falls back to the "elog" user, which only has restricted rights.
|
|
66338
|
Thu Apr 30 20:49:03 2009 |
| Dongwook Jang | dwjang@fnal.gov | Question | Linux | 2.7.6 | Re: elogd runs by a user but not by root |
| Stefan Ritt wrote: |
| Dongwook Jang wrote: |
|
Hi,
I wonder how others manage this situation because deamons in /etc/init.d is excercuted by root. So I cannot run in /etc/init.d/elogd when the system starts up.
What do you think?
Thanks,
Dongwook
|
The normal situation is that elogd gets started by root under /etc/init.d/, then the configuration file contains "Usr = elog" and "Grp = elog", so after it has been started as root, the program falls back to the "elog" user, which only has restricted rights.
|
Now I realized that it is not a problem in /etc/init.d, but deamon itself.
When I run the following command as a root, it didn't run
/mnt/wd500/jnj/products/elog/sbin/elogd -D -c /mnt/wd500/jnj/products/elog/elog/elogd.cfg
But, it runs when I did as a user.
I really don't understand this strange behavior.
Thanks, |