6.0.0-git
2019-04-24

[#12975] tmpdir problems not logged
Summary tmpdir problems not logged
Queue Horde Framework Packages
Queue Version FRAMEWORK_5_1
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de
Created 2014-02-17 (1892 days ago)
Due
Updated 2014-02-25 (1884 days ago)
Assigned
Resolved 2014-02-25 (1884 days ago)
Milestone
Patch No

History
2014-02-25 08:39:31 Michael Slusarz Comment #6
Assigned to Michael Slusarz
State ⇒ Resolved
Reply to this comment
IMP 6.2.
2014-02-25 08:39:15 Git Commit Comment #5 Reply to this comment
Changes have been made in Git (master):

commit aa826688cf5fce38627bf90262f0c7b4699d2a19
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Tue Feb 25 01:33:18 2014 -0700

     Bug #12975: Immediately save attachment, so we can report error 
if attachment data cannot be saved locally to VFS backend

     Use the temporary upload file as needed during the initial upload access
     to eliminate the need to create another temporary file

  imp/lib/Compose/Attachment.php                   |   69 +++++++--------------
  imp/lib/Compose/Attachment/Storage.php           |   34 ++++++++++-
  imp/lib/Compose/Attachment/Storage/Vfs.php       |    4 +-
  imp/lib/Compose/Attachment/Storage/VfsLinked.php |    2 +-
  4 files changed, 58 insertions(+), 51 deletions(-)

http://git.horde.org/horde-git/-/commit/aa826688cf5fce38627bf90262f0c7b4699d2a19
2014-02-18 10:45:14 skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de Comment #4 Reply to this comment

[Show Quoted Text - 9 lines]
a) the permissions of the cache directory can change unintentionally. 
Horde would not log problems.

b) without read permission of the directory, the only denied operation 
is opendir($conf['tmpdir']). Horde can read any item it created within 
the directory and below. I wonder what Horde searches for in tmpdir 
e.g. if one uses the system default /tmp, which is shared among 
various other processes. Any found item could belong to another 
process or web application.
2014-02-18 10:24:24 arjen+horde (at) de-korte (dot) org Comment #3 Reply to this comment
I configured confiig/conf.php: $conf['tmpdir'] = '/var/cache/horde';
chown root:root /var/cache/horde
chmod u=rwx,g=,o=wx /var/cache/horde
You have got to be kidding. With the above settings, you might just as 
well set the cache to /dev/null. The whole idea of a cache is that you 
can both write *and* read stuff to/from the cache. If you don't 
understand why Horde is unable to use the cache with the permissions 
above, running a webserver is probably not for you.
The test.php let this config pass.
The test script is no replacement for basic system administration skills.
2014-02-18 07:45:47 skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de Comment #2 Reply to this comment
I forgot the package list:

Installed packages, channel pear.horde.org:
===========================================
Package                   Version State
Horde_ActiveSync          2.12.4  stable
Horde_Alarm               2.0.5   stable
Horde_Argv                2.0.7   stable
Horde_Auth                2.1.1   stable
Horde_Autoloader          2.0.1   stable
Horde_Browser             2.0.4   stable
Horde_Cache               2.4.0   stable
Horde_Cli                 2.0.4   stable
Horde_Compress            2.0.7   stable
Horde_Compress_Fast       1.0.2   stable
Horde_Constraint          2.0.1   stable
Horde_Controller          2.0.1   stable
Horde_Core                2.11.1  stable
Horde_Crypt               2.4.0   stable
Horde_Crypt_Blowfish      1.0.2   stable
Horde_Css_Parser          1.0.3   stable
Horde_Data                2.0.4   stable
Horde_Date                2.0.7   stable
Horde_Date_Parser         2.0.2   stable
Horde_Dav                 1.0.3   stable
Horde_Db                  2.0.4   stable
Horde_Editor              2.0.3   stable
Horde_ElasticSearch       1.0.2   stable
Horde_Exception           2.0.4   stable
Horde_Feed                2.0.1   stable
Horde_Form                2.0.6   stable
Horde_Group               2.0.2   stable
Horde_HashTable           1.1.0   stable
Horde_History             2.2.1   stable
Horde_Http                2.0.4   stable
Horde_Icalendar           2.0.7   stable
Horde_Image               2.0.5   stable
Horde_Imap_Client         2.17.1  stable
Horde_Imsp                2.0.5   stable
Horde_Injector            2.0.2   stable
Horde_Itip                2.0.5   stable
Horde_Kolab_Format        2.0.5   stable
Horde_Kolab_Server        2.0.2   stable
Horde_Kolab_Session       2.0.1   stable
Horde_Kolab_Storage       2.0.5   stable
Horde_Ldap                2.0.3   stable
Horde_ListHeaders         1.1.0   stable
Horde_Lock                2.1.0   stable
Horde_Log                 2.1.0   stable
Horde_LoginTasks          2.0.3   stable
Horde_Mail                2.1.4   stable
Horde_Mapi                1.0.2   stable
Horde_Memcache            2.0.5   stable
Horde_Mime                2.2.8   stable
Horde_Mime_Viewer         2.0.5   stable
Horde_Mongo               1.0.2   stable
Horde_Nls                 2.0.3   stable
Horde_Notification        2.0.1   stable
Horde_Oauth               2.0.1   stable
Horde_Pack                1.0.0   stable
Horde_Pdf                 2.0.3   stable
Horde_Perms               2.1.2   stable
Horde_Prefs               2.5.2   stable
Horde_Queue               1.1.1   stable
Horde_Rdo                 2.0.2   stable
Horde_Role                1.0.1   stable
Horde_Routes              2.0.2   stable
Horde_Rpc                 2.1.1   stable
Horde_Scribe              2.0.1   stable
Horde_Secret              2.0.2   stable
Horde_Serialize           2.0.2   stable
Horde_Service_Facebook    2.0.6   stable
Horde_Service_Twitter     2.1.1   stable
Horde_Service_Weather     2.0.5   stable
Horde_SessionHandler      2.2.3   stable
Horde_Share               2.0.4   stable
Horde_Smtp                1.3.1   stable
Horde_Socket_Client       1.1.1   stable
Horde_SpellChecker        2.1.1   stable
Horde_Stream              1.5.0   stable
Horde_Stream_Filter       2.0.2   stable
Horde_Stream_Wrapper      2.0.1   stable
Horde_Support             2.1.1   stable
Horde_SyncMl              2.0.3   stable
Horde_Template            2.0.1   stable
Horde_Text_Diff           2.0.2   stable
Horde_Text_Filter         2.2.0   stable
Horde_Text_Filter_Csstidy 2.0.1   stable
Horde_Text_Filter_Jsmin   1.0.0   stable
Horde_Text_Flowed         2.0.1   stable
Horde_Thrift              2.0.1   stable
Horde_Timezone            1.0.4   stable
Horde_Token               2.0.4   stable
Horde_Translation         2.0.1   stable
Horde_Tree                2.0.2   stable
Horde_Url                 2.2.1   stable
Horde_Util                2.3.0   stable
Horde_Vfs                 2.1.2   stable
Horde_View                2.0.3   stable
Horde_Xml_Element         2.0.1   stable
Horde_Xml_Wbxml           2.0.1   stable
content                   2.0.3   stable
gollem                    3.0.1   stable
horde                     5.1.5   stable
horde_lz4                 1.0.2   stable
imp                       6.1.6   stable
ingo                      3.1.3   stable
kronolith                 4.1.4   stable
mnemo                     4.1.2   stable
nag                       4.1.3   stable
timeobjects               2.0.4   stable
trean                     1.0.3   stable
turba                     4.1.3   stable
webmail                   5.1.3   stable
2014-02-17 08:24:46 skhorde (at) smail (dot) inf (dot) fh-bonn-rhein-sieg (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ tmpdir problems not logged
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
Reply to this comment
I configured confiig/conf.php: $conf['tmpdir'] = '/var/cache/horde';
chown root:root /var/cache/horde
chmod u=rwx,g=,o=wx /var/cache/horde

The test.php let this config pass. Horde5 does not log anything 
either. The directory is filled with various cache_* files and a 
horde_cache_gc file.

But you cannot send attachments. The message is "Content-Type: 
text/plain; charset=UTF-8; format=flowed; DelSp=Yes" for both, the 
physical mesage in Sent folder and the message sent. The GUI shows the 
attachment. So, the sender does not see anything wrong.

If I change the permission of the tmpdir to o=rwx, both the messages 
physically in the Sent folder and the sent message get "Content-Type: 
multipart/mixed; boundary="=_0zwrHbyMiqc5WlfTEt5QFw1"" and do contain 
the attachment.

Now, there is a subdir in /vfar/cache/horde names ".horde" with 
"imp/compose" subdir.

1) IMHO, there should be an error logged in the compose window that 
the attachment has not been physically sent.

2) test.php should check the permission of tmpdir

3) Why is read-permission required at all? And causing that problem.

For the record: I've changed the ownership / permission of tmpdir so:
chown www-data /var/cache/horde
chmod 0700 /var/cache/horde

Saved Queries