With file system check and our subdirectory multisite configuration, the check keeps running until it runs out of memory (even if we give it >1G of RAM). For our multisite config to work we must have symlinks in the root directory for the multisite's site name. The symlink points to the root directory itself. So something like:

drupal_root/sites/my.domain.mysite
drupal_root/mysite -> drupal_root

This creates an infinite loop which apparently the file system check in security_review isn't smart enough to detect. I don't know if it's a matter of not following symlinks or just not looping through the same directory structure more than once, but one or the other should be possible.

If we remove the multisite symlink, the security_review module runs fine (of course then our multisite configuration no longer works). With the multisite config (using the symlinks) we can't run the file system check of security_review. It runs fine if we skip that one check though.

The subdirectory multisite configuration we use is documented here: http://drupal.org/documentation/install/multi-site#symlink

Comments

ksclarke’s picture

Issue summary: View changes

clarified what the dot mean in my example

coltrane’s picture

The short answer here is to ignore this check so that it won't run and the rest of the checklist will continue.

Security Review should attempt to detect this case or else if there's too many directories in the scan it should halt.

coltrane’s picture

Category: bug » feature

Changing to a feature request to support this.

coltrane’s picture

@ksclarke note that 7.x-1.x-dev (and soon new stable release) supports ignoring specific directories via a hook_security_review_file_ignore_alter() implementation. So you could explicitly ignore the 'mysite' directory from being scanned.

I'm investigating how it could (and if it should) not follow symlink paths.

coltrane’s picture

Status: Active » Needs review
StatusFileSize
new1.92 KB

Try this out.

Status: Needs review » Needs work

The last submitted patch, 1946106-security-review.patch, failed testing.

coltrane’s picture

Version: 7.x-1.0 » 7.x-1.x-dev
Status: Needs work » Needs review
StatusFileSize
new1.92 KB

Trying again against 7.x-1.x branch

coltrane’s picture

StatusFileSize
new3.46 KB

A bit cleaner.

coltrane’s picture

StatusFileSize
new2.8 KB

This time without changes to IGNOREME.txt

coltrane’s picture

Version: 7.x-1.x-dev » 6.x-1.x-dev
Status: Needs review » Patch (to be ported)
coltrane’s picture

Issue summary: View changes

Tried to clarify descriptive text

  • coltrane committed 3fbfde3 on 8.x-1.x
    Issue #1946106 by coltrane: File system check fails on a subdirectory...
smustgrave’s picture

Issue summary: View changes
Status: Patch (to be ported) » Closed (outdated)

As Drupal6 has been EOL https://www.drupal.org/about/drupal6-eol closing as outdated