"Evil Code" error?

Jon Wilmoth JWilmoth at starbucks.com
Mon Jul 14 19:18:32 UTC 2003 

This seems to not be going away:

[Mon Jul 14 09:19:02 2003] [error] [client 66.57.63.132] DB user  not
found:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/index.php3
[Mon Jul 14 09:19:02 2003] [error] [client 66.57.63.132] DB user  not
found:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/index.html
[Mon Jul 14 09:19:02 2003] [error] [client 66.57.63.132] DB user  not
found:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/index.htm
Evil code attempted to write 'insert into logincookies (userid,ipaddr)
values (131, '204.238.150.136')' to the shadow database at
/usr/local/lib/perl5/5.6.1/CGI/Carp.pm line 301.
[Mon Jul 14 10:15:57 2003] [error] [client 204.238.150.136] Premature
end of script headers:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/reports.cgi
Evil code attempted to write 'insert into logincookies (userid,ipaddr)
values (131, '204.238.150.136')' to the shadow database at
/usr/local/lib/perl5/5.6.1/CGI/Carp.pm line 301.
[Mon Jul 14 11:52:29 2003] [error] [client 204.238.150.136] Premature
end of script headers:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/reports.cgi
[Mon Jul 14 12:39:11 2003] [error] [client 204.238.150.136] DB user
cpalmore at starbucks.com: authentication failure for "/userprefs.cgi":
password mismatch
Evil code attempted to write 'insert into logincookies (userid,ipaddr)
values (131, '204.238.150.136')' to the shadow database at
/usr/local/lib/perl5/5.6.1/CGI/Carp.pm line 301.
[Mon Jul 14 12:40:53 2003] [error] [client 204.238.150.136] Premature
end of script headers:
/usr/home/naicp/usr/local/etc/httpd/htdocs/bugzilla-2.16/reports.cgi

Again, we do not have a shadow db configured for our 2.17.3 instance.
I'm also concerned about the "DB user  not found" messages.

-----Original Message-----
From: David Miller [mailto:justdave at syndicomm.com] 
Sent: Tuesday, July 08, 2003 5:51 PM
To: developers at bugzilla.org
Subject: Re: "Evil Code" error?

On 7/8/2003 3:32 PM -0700, Jon Wilmoth wrote:

> We've been experiencing problems with our Bugzilla server (disk space
> and other) and finally had to reboot the machine.  I'm now seeing the
> following message in the apache error_log:
>
> Evil code attempted to write 'insert into logincookies (userid,ipaddr)
> values (131, '204.238.150.136')' to the shadow database at
> /usr/local/lib/perl5/5.6.1/CGI
> /Carp.pm line 301.
>
> This sounds bad...how concerned should I be?

Um, basically something broke if you got that.  Hard to be more
specific.
That error is actually generated by Bugzilla though.  It's in the
SendSQL
sub, which in 2.16.3 is in globals.pl.  The error message is generated
if
the current database is the shadow database and something tries to do a
database write (which is only allowed on the primary database, not the
shadow).  Most of the shadow database concept went away in 2.17.x in
favor
of database replication.
-- 
Dave Miller      Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/             http://www.bugzilla.org/
-
To view or change your list settings, click here:
<http://bugzilla.org/cgi-bin/mj_wwwusr?user=jwilmoth@starbucks.com>

More information about the developers mailing list