[Clipart] Recent fd.o disk IO is our issue

Jon Phillips jon at rejon.org
Fri Jul 8 23:26:51 PDT 2005


On Fri, 2005-07-08 at 09:34 -0400, Jonadab the Unsightly One wrote:
> Jon Phillips <jon at rejon.org> writes:
> 
> > We should think about how to speed up the navigate engine and fix
> > the security problem in the navigate and screenshot
> > scripts. Thoughts?
> 
> The navigate script probably could be redesigned to read just one
> index file, which could be generated as part of the release process.
> That would also eliminate the path security issue as a side-effect.
> Of course, the img tags would still link to the individual files, but
> that's static web-serving stuff and should be okay.

Hmmm... what other options do we have as well? Seems like one big index
file will still be accessed quite often. I wonder if also putting the
system into sqlite or some other lite db system might speed up access
and also decrease hard drive io. Also, what ways of caching (queries and
the index data) could we use to speed up and decrease drive io in the
navigate script?

> I am a little surprised that the screenshot script has the path
> security issue, since I *thought* I designed it to generate all of its
> own filenames, not using user-supplied ones.  But I may have
> overlooked something, such as a case where the script links back to
> itself with an indication of which file is wanted.  (If so, that could
> be sanitized with a regex that only allows reasonable filename
> characters; slash certainly isn't needed.)  I'd check, but I'll have
> to get my workstation fixed first.  If someone else wants to check it,
> without a lot of familiarity with its internals, try turning on
> taint-checking on the shebang line and see what turns up in the error
> log when you access it; that may point you to the right place to look.

Did anyone do this yet?

> I think we should try to avoid being a heavy burden on fdo, especially
> if it's unnecessary, and we certainly should try to avoid security
> problems.

Yes, I think from a "cool" standpoint this is good, as well as a good
technically sound practice to make sure our tools work well on
production systems.

Jon

-- 
Jon Phillips

USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org

Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
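
The two suggestions quoted above (taint-checking on the shebang line, and a regex that allows only reasonable filename characters with no slash) could look like the following, assuming the scripts are Perl CGI. This is an added example, not code from the navigate or screenshot scripts; `$BASE_DIR`, `clean_filename` and `path_for` are hypothetical names and the sample inputs are constructed.

```perl
#!/usr/bin/perl -T
# Added illustration; not the project's navigate or screenshot script.
# -T turns on taint mode: data from outside the program (query string,
# environment, files) cannot reach open(), system() etc. until it has
# been passed through a regex capture.
use strict;
use warnings;

# Hypothetical directory holding the files the script is allowed to serve.
my $BASE_DIR = '/srv/clipart/screenshots';

# Return a validated file name, or undef if the value is not acceptable.
# Under -T the capture ($1) is the only way to clear the taint flag, so
# this allow-list is the single place where user input becomes trusted.
sub clean_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Letters, digits, underscore, dot and hyphen only: no slash, no NUL.
    # The first character must be a letter or digit, so ".", ".." and
    # dotfiles fail. \A and \z (not ^ and $) so a trailing newline fails.
    return undef unless $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,127})\z/;
    return $1;
}

# Build the path from a fixed base plus the validated name, never from
# the raw parameter.
sub path_for {
    my ($raw) = @_;
    my $name = clean_filename($raw);
    return defined $name ? "$BASE_DIR/$name" : undef;
}

# Constructed sample values, as they might arrive in a query parameter.
my @samples = ('tux_01.png', '../../etc/passwd', '.htaccess',
               "a.png\n", 'sub/dir.png', '');
for my $input (@samples) {
    my $path = path_for($input);
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-20s => %s\n", "'$shown'", defined $path ? $path : 'rejected';
}
```

Only the first sample is accepted. When a script has `-T` on its shebang line and is started as `perl script.pl`, the flag must also be given on the command line.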



