Closed hexparrot closed 9 years ago
Would this be possible in production though?
Definitely possible. Inspect the dropdown element and change the UID value to something invalid and it'll crash the web-ui.
I wouldn't expect someone to do that in production but +1 for robust code :)
+1 for robust code
64f6e53eb84232c2ac7ee3a9789c9ec1050b5838 fixes this.
The webui crashes if a server directory within base_dir is owned by a UID/GID that does not exist on the system:
drwxr-xr-x 2 1001 1001 4096 May 6 14:12 testing
This problem can be reproduced by running
sudo nodeunit test/test-mineos.js
; the tests will continue until test.chown() at which point if the user that is hardcoded into the test suite does not exist,nodeunit
will silently crash.This is the only test that utilizes (and hardcodes) a UID/GID other than 0, so it should probably check for a valid non-root user before continuing or skip the test automatically.
Subsequent attempts to use the web-ui will also fail when it tries to check the server owner and the web-ui silently crashes to the terminal as well. Deleting the errant server will restore all operation to normal, as will creating user/group 1001.