Re: TMDA 0.73 "Jet Pilot" is released

Fri, 28 Mar 2003 06:03:13 -0800 

On Thu, Mar 27, 2003 at 07:10:37PM -0700, Gre7g Luterman wrote:
> On Thu, 27 Mar 2003 11:02:15 -0600, Jim Ramsay <[EMAIL PROTECTED]>
> wrote:
> 
> > First of all (problem 1), when I compiled tmda-cgi, I get the following
> > error:
> > 
> > Compile terminated.  System-wide mode requires that you specify a
> > non-privileged CGI_USER in either a configuration file or with
> > the -u option.
> > 
> > Even though my /etc/tmdarc includes the following line:
> > 
> > CGI_USER = "www"
> 
> Ummmmm... that's one of my new security features!  Yeah, that's the
> ticket.  Just think how safe tmda-cgi is now that you can't run it!
> 
> Okay, okay, try the following patch:
> 
> RCS file: /cvsroot/tmda/tmda/contrib/cgi/compile,v
> retrieving revision 1.11
> diff -r1.11 compile
> 100c100,101
> <   import Defaults
> ---
> >   os.environ['TMDA_CGI_MODE'] = "no-su"
> >   from TMDA import Defaults
> 
> That one was pretty silly.  Not sure how it slipped past me.

Worked great :)

> > Traceback (most recent call last):
> >   File "tmda-cgi.py", line 62, in ?
> >     PVars = Session.Session(Form)
> >   File "./contrib/cgi/Session.py", line 172, in __init__
> >     from TMDA import Defaults
> >   File "./TMDA/Defaults.py", line 1494, in ?
> > IOError: [Errno 13] Permission denied:
> > '/home/lack/.tmda/crypt_key'
> > 
> > The permissions on the file ~/.tmda/crypt_key have not changed
> > (400)
> 
> This second one is a mystery to me as I can't seem to duplicate it.
> Try the patch, recompile the code, put the newly compiled code out on
> the web in place of the old and try again.  Perhaps it is somehow
> related to the other bug.

It's only occurring because my user is part of group wheel - and
therefore has GID 0.  The following patch seems to work:

--- Session.py.orig     Fri Mar 28 01:57:10 2003
+++ Session.py  Fri Mar 28 01:50:01 2003
@@ -71,7 +71,7 @@
 Report an error if we can't, but should be able to."""
     if os.environ["TMDA_CGI_MODE"] == "system-wide":
       # If not specified, use misc. user info
-      if not UID or not GID:
+      if UID is None or GID is None:
         PasswordRecord  = pwd.getpwnam(os.environ["TMDA_CGI_USER"])
         UID = PasswordRecord[2]
         GID = PasswordRecord[3]

(This is of course for tmda-0.73/contrib/cgi/Session.py)

-- 
Jim Ramsay
[EMAIL PROTECTED]                         PGP Key ID: 0xBE28F488
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users

Reply via email to