Zenphoto
The simpler media website CMS
ZenphotoThe simpler media website CMS
Forum search only. You might also want to search on the main site's user guide.
Your support helps pay for this server, and helps development of zenphoto. Thank you!
Visit the donations page
Comments
Right, so much so there are clearly many people who's original preference is to use larger images and who would benefit by some solution like this.
I saw your referenced i.php lines before you edited that out.
That seems useful. It's not set by default, it's not in the "security" tab and there's a warning on the option making it so one would be inclined not to set it. I don't quite understand the warning about memory usage yet though. I bet many public zp servers are vulnerable to this problem to some extent. Your demo is.
For serializing I'm thinking now along the lines of waiting to get a semaphor or mutex lock in i.php. That would allow the on-the-fly cacher to still work. I don't know how that plays with timeout issues, but not worse than jamming up the system with too many processes. OK, so technically, that's IPC.
some commenter on the php manual page:
"On the Apache webserver, ... any semaphores got and acquired by a script and not released and removed will still be automatically cleaned up by the PHP interpreter each time the script terminates."
but unless there's slightly more to it, it might still not cleanup after kill -9 or crashes and if other servers don't clean up that's a problem. Of course this is the pain with locks.
and this is bad, from the php manual:
"Support for this functions are not enabled by default. To enable System V semaphore support compile PHP with the option --enable-sysvsem ."
of course I have no idea how or if this works on windows etc.
System V semaphores are not available on Windows. For PHP, you will be far better off using a file lock. Check out `fopen` with the `x` option. Keep in mind that, as you said, you will have to implement cleaning up stale locks in case the process is killed. (This is actually fairly trivial if you write the PID to the lock file.)
Is the x option atomic? The manual doesn't exactly say it is.
I think it's a serious issue but comes with the territory of allowing large user demand-able resource allocation I guess. I should start a new thread but I'm not sure I should have mentioned in a thread at all. I think the right solution is to have an option to dissallow all external access to i.php, and that should be the default. When the option is set it should also be true that no themes etc pass through limitlessly arbitrary user requests to the internal interface.
Of course if the user is not allowed to make arbitrary requests, then the list of requests they can make is predetermined (even if in a complex way) and precachable. There could also be higher-permission users (bloggers or whatever) who are allowed to make arbitrary requests though.
You actually had me mostly convinced that the secure image processor option should work. I thought the fix might just be to make it more default/noticable/less-discouraged. I think it's intent was to protect content though, not system resources, but I still thought it would work.
Of course I rewrote the whole architecture of zp in 10 lines (but I did implement IPC) </grin>
btw I didn't use fopen. It's atomic, but writing the PID into the file is not atomic and while that can be dealt with. I took an easier way, but there's an obvious better way than that or mine with slightly more work.
Now to worry about that security threat.. well this already helps it quite a bit at least.
Only let 1 (or configurable number) instances of the image processor run at a time.
The end. (but that was the request, and it's what works)
I'll have more time again later.