Description of problem:
There is no facility in cumin or the service script to provide IO redirection. If cumin is started from a window, and that window is then closed, and cumin writes to stderr or stdout at any point, the browser will display an exception trace for an IO error.
Version-Release number of selected component (if applicable):
Probably doesn't matter, but reproduced with these:
cumin-0.1.4410-1.el5
cumin-0.1.4494-1.el5
cumin-0.1.4554-1.el5
How reproducible:
100%
Steps to Reproduce:
1. Add "debug: True" to [common] section of cumin.conf
2. /sbin/service cumin restart
3. Bring up web browser and navigate to a cumin page
4. Close the window where /sbin/service command was issued
5. Click a link on a cumin page
Actual results:
Browser displays exception trace from IO error
Expected results:
Cumin should continue to operate normally after the console window is closed.
Additional info:
Although this is a contrived example, it is a vulnerability because any changes to the code that write to stderr/stdout, purposely or mistakenly, can cause crashes in the browser if the console window is closed.
Fixed in revision 4558 in trunk.
cumin master script (/usr/bin/cumin) has two additional options:
  --console
  --devel
The --console option will cause the master script to log to the screen instead of $CUMIN_HOME/log/master.log and will leave stdin, stderr, and stdout unchanged. This is a useful option for development.
If the --console option is not specified, stdin, stdout, and stderr will be redirected to /dev/null and the master script will log to $CUMIN_HOME/log/master.log. This will be the default mode for cumin when started with /sbin/service cumin start.
If the --console option is not specified and --devel is specified, stdin will be redirected to /dev/null, stderr will be redirected to $CUMIN_HOME/log/master.stderr, and stdout will be redirected to $CUMIN_HOME/log/master.stdout. This is a useful development/debug option that can be set in /etc/sysconfig/cumin as part of CUMIN_OPTIONS. Customers would not normally do this.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause
  IO was not redirected when cumin was started as a service.
Consequence
  If the cumin service was started from a window and that window was subsequently closed, program errors would be generated if cumin wrote output to stderr or stdout.
Fix
  The /usr/bin/cumin script will now redirect stdin, stdout, and stderr to /dev/null by default. This is the mode that should be used for running cumin as a service. For information on other options, run /usr/bin/cumin --help.
Result
  Any extraneous output from cumin will now be directed safely to /dev/null and the program will continue to run as a service if the console window is closed.
Additional refinement in revision 4570
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -5,7 +5,7 @@ If the cumin service was started from a window and that window was subsequently closed, program errors would be generated if cumin wrote output to stderr or stdout. Fix - The /usr/bin/cumin script will now redirect stdin, stdout, and stderr to /dev/null by default. This is the mode that should be used for running cumin as a service. For information on other options, run /usr/bin/cumin --help. + The /etc/init.d/cumin startup script will initially redirect all IO to /dev/null when the service is started. By default, the /usr/bin/cumin script will log to $CUMIN_HOME/master.log; instances of cumin-web and cumin-data started by /usr/bin/cumin will log stderr, stdout, and normal log messages to corresponding log files in $CUMIN_HOME/log. For information on other options, run /usr/bin/cumin --help. Result - Any extraneous output from cumin will now be directed safely to /dev/null and the program will continue to run as a service if the console window is closed.+ Any extraneous output from cumin will now be directed safely to /dev/null or log files and the program will continue to run as a service if the console window is closed.
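Review bot: in the added Fix paragraph the master script's log is given as $CUMIN_HOME/master.log, while the same sentence places the cumin-web and cumin-data logs in $CUMIN_HOME/log and the earlier fix comment names $CUMIN_HOME/log/master.log; use one path throughout. The new wording also says only that the init script "initially" redirects all IO to /dev/null, so state explicitly which process's stdin, stdout and stderr stay on /dev/null and which are written to log files, since the Result line now says "/dev/null or log files" without saying which applies where.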
Added solution to catch stderr and stdout and funnel content to log files with rollover control. Previously, some errors would not be logged at all, such as exception traces from unhandled exceptions (like the socket error below).
Default log rollover size for $CUMIN_HOME/log/*.stderr and $CUMIN_HOME/log/*.stdout is 1MB.
Catching unhandled errors can be demonstrated by doing something like:
Create [web1] section in a cumin configuration file that duplicates the port number used by the [web] section
  # start one running to take the port....
  $ cumin-web &
Modify /etc/sysconfig/cumin to set CUMIN_OPTIONS="--webs=web1"
  $ /sbin/service cumin start
Check $CUMIN_HOME/log/web1.stderr for output. It should show the inability to access the port. $CUMIN_HOME/log/master.log should show the failure and a restart after 5 seconds (it will continue to try to restart every 5 seconds).
Log rollover can be tested by doing the above test, but first creating the log file to be 1MB or bigger:
  $ dd if=/dev/zero of=$CUMIN_HOME/log/web1.stderr bs=1024 count=1024
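The three redirection modes from the fix comment (--console, default, --devel) and the 1MB stderr/stdout rollover described above, as an added Python example that is not cumin's own code. The function names, the ".1" rollover suffix and checking the size once at startup are assumptions made for illustration.

```python
import os

ROLLOVER_BYTES = 1024 * 1024  # 1MB default rollover size stated in the thread

def stdio_targets(console, devel, log_dir, name="master"):
    """Map fd -> path (None = leave unchanged) for the three modes."""
    if console:
        return {0: None, 1: None, 2: None}
    if devel:
        return {0: os.devnull,
                1: os.path.join(log_dir, name + ".stdout"),
                2: os.path.join(log_dir, name + ".stderr")}
    return {0: os.devnull, 1: os.devnull, 2: os.devnull}

def roll_if_large(path, limit=ROLLOVER_BYTES):
    """Rename path to path.1 (assumed naming) once it reaches limit."""
    if path != os.devnull and os.path.exists(path) and os.path.getsize(path) >= limit:
        os.replace(path, path + ".1")
        return True
    return False

def redirect_stdio(targets):
    """Point fds 0/1/2 at their targets so writes never hit a closed terminal."""
    for fd, path in targets.items():
        if path is None:
            continue
        if fd != 0:
            roll_if_large(path)  # assumption: rollover checked once, at startup
        flags = os.O_RDONLY if fd == 0 else os.O_WRONLY | os.O_CREAT | os.O_APPEND
        new_fd = os.open(path, flags, 0o640)
        if new_fd != fd:
            os.dup2(new_fd, fd)
            os.close(new_fd)

def run_detached(func, targets):
    """Run func in a forked child with redirected stdio; return its exit code."""
    pid = os.fork()
    if pid == 0:
        code = 1
        try:
            redirect_stdio(targets)
            func()
            code = 0
        finally:
            os._exit(code)  # never fall back into the parent's code path
    return os.WEXITSTATUS(os.waitpid(pid, 0)[1])
```
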
Verified in cumin-0.1.4683-1.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHEA-2011-0889.html