lagout / full-install

GNU Lesser General Public License v3.0
2 stars 0 forks source link

Potential Misconfiguration #9

Open santolucito opened 7 years ago

santolucito commented 7 years ago

We are a group of researchers from Yale University building a tool to finding bugs in configurations files. To evaluate the effectiveness of our tool, we randomly selected 1000 open source configuration files to verify and are requesting feedback on our error report. Your file https://raw.githubusercontent.com/lagout/full-install/7dd3cc6e113c9e73accab3c2258eb9fb99dca6cd/config/mariadb/my.cnf was among those files. When we ran our tool your file, it reported the following potential errors.

[INTEGER RELATION ERROR: Expected max-allowed-packet[mysqldump] <= innodb-buffer-pool-size[mysqld] Found values: ["innodb-buffer-pool-size[mysqld]=16m","max-allowed-packet[mysqldump]=48m"] In the training set we saw: ">=" 0 times, "<=" 45 times, "==" 3 times

FINE GRAINED ERROR: Expected max-connections[mysqld] * sort-buffer-size[mysqld] >= key-buffer-size[mysqld] Found values: ["max-connections[mysqld]=50","key-buffer-size[mysqld]=100m","sort-buffer-size[mysqld]=1m"] In the training set we saw: ">=" 64 times, "<=" 4 times, "==" 0 times ]

The training set referenced in the report is taken from the industrial configuration files at https://github.com/tianyin/configuration_datasets. Note that even if your system is currently working, these bug may manifest itself only under large traffic loads or different system environments.

If you feel the any of above errors may indeed cause problems either on your system, or a different system, please comment on this issue report in the space below. This will help use to improve our tool. If you do not believe this is a potential bug, please feel free to close this issue. If possible we would appreciate your feedback before July 27.

If you would like find out more about how we detected these bug, you can find the open source tool at https://github.com/santolucito/ConfigV. For a quick overview of this tool, you can watch this video at https://youtu.be/plliEh-5MpM. If you have further questions, or would like to get involved with this project, feel free to reach out over email at mark.santolucito@yale.edu.

Thank you for your time!