Why is chmod 777 given to solve perm issues per README?

vwyoda · January 13, 2014, 8:32pm

This is not a solution, but a hack and opens up people to possible security risks. Why would this even be given and not properly solved in the code? As of right now with these settings I can easily store malicious executable code in the tmp dir. Which is a great foothold to expoit the box then. This also means any process on my box running Piwik can write to this dir.

What is the thinking behind such a suggestion by the Piwik devs? Can you please explain how this solves the problem properly and does not further open a box to a greater risk of being exploited. Fingerprinters like blindelephant can be used to find such installs. I have actually updated my local copies of its DB to start looking for that.

This type of recomendation reminds me of stuff OpenCart spews or even OpenX.

matthieu · January 13, 2014, 9:03pm

Sounds like a “documentation” bug. Can you send the link to it and what you suggest we fix it with instead?

Also see related ticket: System check update message regarding config file permissions · Issue #4046 · matomo-org/matomo · GitHub

vwyoda · January 13, 2014, 9:12pm

github.com

matomo-org/matomo/blob/master/tests/README.troubleshooting.md

# Troubleshooting Piwik Tests

If you have problems with running Piwik tests see below.

If you cannot solve your issues please [ask in the forums](https://forum.piwik.org/list.php?9)


## Important note for Linux users: fix for slow tests

If the tests are running incredibly slow on your machine, maybe you are running mysql DB on an ext4 partition?
Here is the tip that will save you hours of research: if you use Mysql on ext4 partition,
make sure you add "nobarrier" option to /etc/fstab to disable some super slow IO feature.

Change from:
    `UUID=83237e54-445f-8b83-180f06459d46       /       ext4    errors=remount-ro     0       1`
to this:
    `UUID=83237e54-445f-8b83-180f06459d46       /       ext4    errors=remount-ro,nobarrier     0       1`


## Using latest GIT version

This file has been truncated. show original

I have not spent enough time in your actual code base to properly suggest a resolution. But this can and will be used to exploit installs of Piwik.

matthieu · January 14, 2014, 12:32am

These are instructions for setting up unit tests for developers, so one should never run these instructions on a production server

vwyoda · January 14, 2014, 1:15am

OK well its what comes up with google searches when I hit the error stated there. I get
RuntimeException: Unable to create the cache directory ( piwik/tmp/templates_c/66/77)
on almost every graph

matthieu · January 14, 2014, 2:44am

try giving write permissions to piwik/tmp/ folder