Page MenuHomePhabricator
Create Task
Maniphest T268420

GlobalIdGenerator assumes tmp path is unique
Closed, ResolvedPublic
Actions

Description

MediaWiki's GlobalIdGenerator class creates two files in $wgTmpDirectory, i.e. mw-GlobalIdGenerator-UID-nodeid and mw-GlobalIdGenerator-UUID-128. The default value for $wgTmpDirectory is the system directory for temporary files (e.g. /tmp on Linux). When a system hosts multiple MediaWiki installations (for example on shared hosting) with the default settings, this causes trouble when one installation has already created /tmp/mw-GlobalIdGenerator-UID-nodeid and /tmp/mw-GlobalIdGenerator-UUID-128 and another installation attempts to access or create them. This is similar to T161453 .

One consequence of this, is that the VisualEditor returns a HTTP 500 error because of a permission error on the files in /tmp because another user has already created those files:

[2020-11-09 03:51:20.876788] [proxy_fcgi:error] [R:X6iup-BKHJAtBifWDmWMbQAAABQ] AH01071: Got error 'PHP message: PHP Warning:  fopen(/tmp/mw-GlobalIdGenerator-UUID-128): failed to open stream: Permission denied in /home/boss/thomasd/www/includes/libs/uuid/GlobalIdGenerator.php on line 449' web2

If one user hosts multiple MediaWiki installations, or if a shared hosting service would run installations from different users all as www-data, then one installation would be messing with the files of another.

There might be other consequences depending on where GlobalIdGenerator gets used, though I have only seen issues with VisualEditor so far. This does mean that it's impossible to use VisualEditor on shared hosting with the default settings.

My suggestion is to either ensure that the file names will be unique (such as by using a prefix), or by implementing T179901 as long as the created directory is unique per installation and not system-wide.

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+11 -5GlobalIdGenerator: include user id in file prefix
Customize query in gerrit

Related Objects

Event Timeline

DanielsThomas created this task.Nov 22 2020, 8:14 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 22 2020, 8:15 PM
Bertvandepoel added a subscriber: Bertvandepoel.Nov 22 2020, 9:35 PM

I can confirm that indeed these files are created globally in /tmp , which is problematic whenever more than a single wiki is used. This could even be problematic for non-shared hosting where someone just happens to run two MediaWiki installations. It seems weird the regular functions for creating randomised or prefix temporary files weren't used in this case.

Ciencia_Al_Poder added a subscriber: Ciencia_Al_Poder.Nov 27 2020, 11:01 AM
ppelberg added projects: Editing-team (Tracking), Platform Engineering.Dec 1 2020, 4:50 PM
ppelberg moved this task from To Triage to Triaged on the VisualEditor board.
ppelberg added a subscriber: ppelberg.

hi @DanielsThomas, we appreciate you filing this ticket. Although, we think this is most likely a platform issue rather than a VisualEditor issue. As such, tagging that team.

Clarakosi edited projects, added Platform Team Workboards (Clinic Duty Team); removed Platform Engineering.Dec 1 2020, 9:22 PM
Clarakosi moved this task from Inbox to Later on the Platform Team Workboards (Clinic Duty Team) board.
Clarakosi added a subscriber: aaron.
tstarling added a subscriber: tstarling.Dec 1 2020, 9:23 PM

I think it's correct for this file to be shared between different wikis, but we could put getmyuid() in the filename to avoid permission errors.

Bertvandepoel added a comment.Dec 15 2020, 12:56 PM
In T268420#6661117, @tstarling wrote:

I think it's correct for this file to be shared between different wikis, but we could put getmyuid() in the filename to avoid permission errors.

I think that getmyuid() would absolutely make sense. I'm not sure if there's any risk of collision or race conditions when the file is shared between multiple wikis (of the same user), but if there's not I agree that adding getmyuid() to the file would be sufficient.

AMooney triaged this task as Medium priority.Dec 22 2020, 9:02 PM
Bertvandepoel awarded a token.Jan 20 2021, 2:31 AM
Bertvandepoel rescinded a token.
Bertvandepoel awarded a token.
Raymond mentioned this in T270377: VisualEditor throws "Error contacting the Parsoid/RESTBase server (HTTP 500)" on fresh installation.Apr 20 2021, 2:43 PM
Raymond added a subscriber: Raymond.Apr 20 2021, 3:05 PM
gerritbot added a comment.Jun 27 2022, 12:15 AM

Change 808548 had a related patch set uploaded (by Thomas Daniels; author: Thomas Daniels):

[mediawiki/core@master] GlobalIdGenerator: include user id in file prefix

https://gerrit.wikimedia.org/r/808548

gerritbot added a project: Patch-For-Review.Jun 27 2022, 12:15 AM
gerritbot added a comment.Aug 5 2022, 5:35 AM

Change 808548 merged by jenkins-bot:

[mediawiki/core@master] GlobalIdGenerator: include user id in file prefix

https://gerrit.wikimedia.org/r/808548

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.25; 2022-08-15).Aug 5 2022, 6:00 AM
Maintenance_bot removed a project: Patch-For-Review.Aug 5 2022, 6:30 AM
tstarling closed this task as Resolved.Aug 8 2022, 3:51 AM
tstarling claimed this task.
Umherirrender mentioned this in T324513: MW 1.39 installation error: Call to undefined function Wikimedia\UUID\getmyuid().Dec 5 2022, 10:25 PM
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL