[Clipart] Site fixup work

Jonadab the Unsightly One jonadab at bright.net
Fri Nov 18 07:21:23 PST 2005

Bryce Harrington <bryce at bryceharrington.org> writes:

> No functional changes were implemented so whatever non-security
> issues existed are still there...  :-/
> However, I've never noticed any unusual performance issues.

I was referring to the performance issues noted in the following
message from back in July, about which AFAIK nothing has yet been

From: Jon Phillips <jon at rejon.org>
Message-Id: <1120809401.19843.62.camel at localhost>
Subject: [Clipart] Recent fd.o disk IO is our issue
To: OCAL list <clipart at lists.freedesktop.org>
Date: Fri, 08 Jul 2005 00:56:41 -0700

Well, Bryce and I noticed massive disk IO issues with the
freedesktop.org server that OCAL is on. We both discussed this with
Daniels and he recently just posted this on the chat channel:

(00:48:24) daniels: um, guys
(00:48:35) daniels: so, there's good news and bad news
(00:48:47) daniels: good news: i found out what's causing the io load on
(00:48:49) daniels: bad news: it's you
(00:48:55) daniels: /cgi-bin/navigate is incredibly disk-heavy
(00:49:26) daniels: also, navigate and the screenshot script are
insecure in terms of allowing external paths
(00:49:32) daniels: i.e. not normalising ../../../, etc
(00:49:35) daniels: bbl

Thus, we should discuss these issues, as DMS is also very disk-centric
as well. Also, as our clipart library increases in size these issues are
going to be coming up more and more.

We should think about how to speed up the navigate engine and fix the
security problem in the navigate and screenshot scripts. Thoughts?


More information about the clipart mailing list