[ic] RE: error accessing genconfig.html in IC administration

Curt Hauge chc@mninter.net
Wed, 21 Mar 2001 22:53:01 -0600


I have gone a little further in troubleshooting this error.

This error

Can't read file '/local_path/catalogs/mycat/etc/status.mycat' with NoAbsolute set

seems to be coming from Util.pm. I have grepped lib/Vend for "Can't read file" and it is found only in Util.pm on two lines. It can also be found in interchange/locale.error (Util.pm:3 and Util.pm:4, which is how I found it in Util.pm). Anyone know what to check for next? There is obviously a clue somewhere in line 892, but what does it all mean? =) 

[from Util.pm line 878 to 896 IC4.6.3 tarball]
# Reads in an arbitrary file.  Returns the entire contents,
# or undef if the file could not be read.
# Careful, needs the full path, or will be read relative to
# VendRoot..and will return binary. Should be tested by
# the user.
#
# To ensure security in multiple catalog setups, leading
# / is not allowed unless $Global::NoAbsolute is set.
#
sub readfile {
    my($file, $no, $loc) = @_;
    my($contents);
    local($/);

	if($no and (::file_name_is_absolute($file) or $file =~ m#\.\./.*\.\.#)) {
		::logError("Can't read file '%s' with NoAbsolute set" , $file);
		::logGlobal({}, "Can't read file '%s' with NoAbsolute set" , $file );
		return undef;
	}
[more code]




-----Original Message-----
From: Curt Hauge [mailto:chc@mninter.net]
Sent: Tuesday, March 20, 2001 4:16 PM
To: interchange-users@lists.akopia.com
Subject: error accessing genconfig.html in IC administration


Hi everyone,

A recent 4.6.3 tarball conversion from MV4.04 on Linux Mandrake 6.0 displays this message in /catalogs/mycat/error.log _and_ interchange/error.log whenever I access genconfig.html (Administration) from the Interchange Administration logged in as Super User:

[some_more_info] mycat /cgi-bin/mycat/admin/genconfig.html Can't read file '/local_path/catalogs/mycat/etc/status.mycat' with NoAbsolute set

Is this normal? It doesn't seem to hurt anything, so should I just live with it? When I switch NoAbsolute to No, it works fine; however, I understand NoAbsolute is set to Yes for security reasons, so I don't want to set it to No if this leaves me at any risk. It is a single catalog installation; however, I also have a newly configured test cat on this server with the same problem. The NoAbsolute definition says:

...This should be changed (to Yes) in a multi-user environment to minimize security problems...

Does multi-user mean more than one catalog or more than one person accessing the administration area of _any_ catalog? The archives have produced nothing more in regard to this same error message or NoAbsolute. Anyone familiar with this or have any other key words to search on?

Thanks in advance.

Curt Hauge
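
Added example, not part of the original messages and not Interchange's own code: a stand-alone Perl model of the test quoted from Util.pm above, run over constructed sample paths, next to a stricter lexical containment check for comparison. File::Spec->file_name_is_absolute standing in for ::file_name_is_absolute, and the names quoted_check_refuses and escapes_base, are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Same test as the quoted readfile(): when the flag ($no) is true, refuse
# absolute paths and paths where a "../" is followed later by another "..".
# File::Spec stands in for ::file_name_is_absolute (assumption).
sub quoted_check_refuses {
    my ($file, $no) = @_;
    return 0 unless $no;
    return 1 if File::Spec->file_name_is_absolute($file);
    return 1 if $file =~ m#\.\./.*\.\.#;
    return 0;
}

# Stricter variant (assumption, not Interchange behaviour): walk the path
# components and refuse anything that climbs above the starting directory.
# Purely lexical: symbolic links are not resolved.
sub escapes_base {
    my ($file) = @_;
    return 1 if File::Spec->file_name_is_absolute($file);
    my $depth = 0;
    for my $part (split m#/+#, $file) {
        next if $part eq '' or $part eq '.';
        if ($part eq '..') { return 1 if --$depth < 0 } else { $depth++ }
    }
    return 0;
}

# Constructed sample paths; the first is the path from the error message.
my @samples = (
    '/local_path/catalogs/mycat/etc/status.mycat',
    'etc/status.mycat',
    'pages/../etc/status.mycat',
    '../other/file.txt',
    'a/../../b',
);

printf "%-46s %-8s %s\n", 'path', 'quoted', 'stricter';
for my $f (@samples) {
    printf "%-46s %-8s %s\n", $f,
        (quoted_check_refuses($f, 1) ? 'refuse' : 'allow'),
        (escapes_base($f)            ? 'refuse' : 'allow');
}
```

The first row shows why the admin page logs the message: the status file is requested by absolute path, which the quoted test refuses whenever the flag is on, while the same file named relative to the catalog directory passes.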