Item3987: view script hangs forever on TWikiRegistration when authenticating during editing of long topic

1. Start with a long topic (it doesn't happen if I make the topic short enough)
2. Fully close my browser so I'm not logged in
3. Open the browser and navigate to my TWIKI topic
4. Edit the topic
5. This causes the login dialog to come up
6. I log in. It seems I need to log in on two separate dialogs. The first one is a grey box, the second looks more like a TWIKI page. Both accept my login username and password
7. Try to save my edits. This is where the trouble begins

I played with this quite a bit and it is VERY repeatable. If I shorten the topic, it does not occur. I have to manually kill the perl process, at which time, the save of the edited page completes. I have obtained the following log of events from my shell account for a typical run where I get this to occur.

[data]$ tail log200704.txt
| 27 Apr 2007 - 19:05 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
[data]$ ps auxwww
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
jheck    29802  0.0  0.0  7652 2064 ?        S    17:19   0:00 sshd: jheck@pts/0
jheck    20022  0.0  0.0  4608 1640 pts/0    Ss   17:19   0:00 -bash
jheck     3010  0.8  0.3 15764 14148 ?       S    19:10   0:00 /usr/bin/perl -wT view
jheck     4235  0.0  0.0  2296  732 pts/0    R+   19:11   0:00 ps auxwww
[data]$ ps auxwww
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
jheck    29802  0.0  0.0  7652 2064 ?        S    17:19   0:00 sshd: jheck@pts/0
jheck    20022  0.0  0.0  4608 1640 pts/0    Ss   17:19   0:00 -bash
jheck     3010  0.2  0.3 15764 14148 ?       S    19:10   0:00 /usr/bin/perl -wT view
jheck    13772  0.0  0.0  2296  732 pts/0    R+   19:13   0:00 ps auxwww
[data]$ tail log200704.txt
| 27 Apr 2007 - 19:06 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:06 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:10 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
[data]$ kill 3010
[data]$ tail log200704.txt
| 27 Apr 2007 - 19:07 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:07:06 | 66.31.x.x |
| 27 Apr 2007 - 19:07 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Main.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.WebHome |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | Computing.FooTopic |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | TWikiGuest | view | TWiki.TWikiRegistration |  Mozilla | 66.31.x.x |
| 27 Apr 2007 - 19:08 | JimHeck | edit | Computing.FooTopic |  | 66.31.x.x |
| 27 Apr 2007 - 19:10 | JimHeck | view | TWiki.TWikiRegistration |  | 66.31.x.x |
| 27 Apr 2007 - 19:15 | JimHeck | save | Computing.FooTopic | repRev 1 by JimHeck 2007/04/28 02:15:09 | 66.31.x.x |
| 27 Apr 2007 - 19:15 | JimHeck | view | Computing.FooTopic |  | 66.31.x.x |

Note the times.

The sequence of data collection is as follows:

• Right after the first tail, I save the page.
• Next I do a ps to show the hung process
• Several minutes later I do another ps to show the process still hung
• Then I do a tail of the log again to show that the the view is of the TWikiRegistration topic
• Then I kill the errant process
• Then I do a tail of the log once more to show that the save of the topic completes and the view of the topic refreshes

Here is some more information. If I successfully edit a short topic before editing the long topic, the TWikiRegistration topic never gets viewed prior to the long page save, and the problem does not occur. In other words, once I'm authenticated I never see the problem. If I remove enough text from the page I used above in the example, it stops exhibiting the problem. If I add enough text back it starts doing it again. This is very repeatable and consistent. I'm betting it's some kind of race condition between scripts that is timing dependent and the longer page puts me in some kind of deadlock zone (just a hunch).

I'm going to mark this Urgent, since this is one nasty bug that could easily be used to launch a denial of service attack against TWiki sites if it is not just my setup but universal. The hung process persists even if the browser is closed. Hung processes pile up if you open the page again and try to edit with a new session.

Here is information on what's running on the DreamHost server

• Server: Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
• This is perl, v5.8.4 built for i386-linux-thread-multi
• PHP 4.4.4 (cgi) (built: Nov 7 2006 13:14:18)
  • Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
  • with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
  • with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

I have scrupulously detailed my TWiki Installation procedure for DreamHost and will include it here. I don't want to linkup my twiki right now, since it is vulnerable to this attack, but I will give developers a crack at it if they need to try something on my site.

HeckHowToSetupTwikiOnDreamHost

Please let me know what other information I can provide that might be of assistance. Also FYI, I'm having problems with my password login to this development TWIKI site. My password stops working. I then need to re-register and I can edit pages again after that. I've had to do it 3 times already.

-- TWiki:Main/JimHeck - 28 Apr 2007

There are many TWikis running on Dreamhost, and this is the first report of this kind. It is almost certainly something to do with your Apache configuration on Dreamhost; it is highly unlikely to be specific to TWiki. The fact that it is "forgetting" passwords suggests that there is something seriously wrong with your setup, but without full access to the server, and without being able to reproduce the problem on another server, it is not debuggable. I'm moving this report to Support web (TWiki:Support/DreamhostSetupProblems) to see if there are any similar experiences, and to give you and others a chance to nail down the conditions under which this is reproducable. Please make sure you fill all the required details there (e.g. installed plugins).

If you are able to identify a definite SMART bug, then please feel free to re-open this report, with details of how to reproduce it.

CC