Closed Bug 385225 Opened 18 years ago Closed 18 years ago

Config.pm: when Bugzilla cannot read localconfig or params file it should complain to STDERR and even die

Categories

(Bugzilla :: Installation & Upgrading, defect)

Product:
Bugzilla
Component:
Installation & Upgrading
Platform:
All
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 346344

People

(Reporter: miguel, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070302 Galeon/2.0.1 (Ubuntu package 2.0.1-1ubuntu2) Firefox/1.5.0.10 Build Identifier: 2.20 in Ubuntu Dapper In order to avoid grief to installers and maintainers that irresposibly copy the localconfig & co files without upgrading the ownership to Apache the following line in Config.pm: do $localconfig; should be changed to: do $localconfig or die "Unable to read $localconfig: $!"; Similar changes might be needed for the params file as well. Reproducible: Always Steps to Reproduce: 1. Have a working installation of bugzilla with config files owned by Apache user. 2. Do some manipulation on the config files that make them unreadable by apache (e.g move them away and copy them back as root but without doing a chown) 3. Launch bugzilla and perform any database operation. Actual Results: A "semi-cryptic" DBI error message appears saying it cannot detect the $db_driver parameter to use the database. Expected Results: It should die and write in STDERR (which can be seen in Apache's error log) that it cannot read the localconfig file Just a change in the do $localconfig by adding an or die close should suffice to fix the problem.
This has been fixed in Bugzilla 3.0. That's not something we are going to fix in Bugzilla 2.20 or 2.22 as these branches are restricted to security fixes only.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
First of all, thanks Frédéric for your quick reactivity. I understand that the bug has been fixed in version 3.0 and the branches 2.20 and 2.22 are only opened to security fixes. However on the other hand the fix is very simple, it suffices to add an "or die" close after the do $localconfig in Config.pm. It is a small change that won't hurt anybody and will save a lot of grief to sysadmins that use stable releases (or stable distributions). And I would further argue that this could also be a security fix. Wouldn't it be dangerous leaving Bugzilla run without any localconfig defined? This is why I reopen the case to make you think twice and reconsider. If you still mark it as resolved I won't insist any longer. Regards, Miguel Telleria
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Hey Miguel. I understand your argument, but you can look at it this way: we actually *did* fix it, we just fixed it in a newer version than the one you're using now. So we agree it's a problem, we're just not going to backport the fix right now. We do restrict ourselves pretty heavily on these branches. It's not just the possibilities of regressions, but also the fact that we'd have to actually do a whole release of 2.20 and 2.22 during the next release cycle if there were some real bug fixes on those branches.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.