The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ImageMagick can spoof your harddrive!

Discussion in 'General Discussion' started by kimsteinhaug, Mar 11, 2004.

  1. kimsteinhaug

    kimsteinhaug Registered

    Joined:
    Mar 11, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    On behaf of Nordic Hosting I was told to mention my findings here in the forum so that you all are aware of the fact that using ImageMagick (And probably any outside script on your box) may spoof the Disk Usage...

    To make it all clear, here is the problem, exmaple :

    1. You use PHP to upload an image of 1MB, then ImageMagick is used to create a thumb of 10KB and a large image of 100KB.
    2. You use PHP to delete the original 1MB file that was uploaded.

    You would expect the Disk usage to say 110KB, but the fact is that is shows 0kb. Since the original file for 1MB is deleted, its 0kb. Cpanel doesnt account for files created by outside scripts, atleast not ImageMagick.

    Ive developåed a site for a client which made me aware of this problem. The site at the moment has over 2000 images online in 3 sizes. The filesize when downloading a backup reads almost 200 MB, while Cpanel states usage of 10MB... Which is the site in general with the GUI.

    I do not think people is aware of this, atleast not customers, but you should take time to "check" your imageMagick customers which you know have lots of images and have an upload function just to be sure their not eating a GB of your harddrive on a 10MB package.

    Regards,
    Kim Steinhaug
    kim@steinhaug.com
    www.steinhaug.com
     
  2. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Files uploaded using PHP are generally owned by the user "nobody" that's why they don't show up as part of the users disk useage.
     
  3. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    where are they uploaded to?
     
  4. nybble

    nybble Well-Known Member

    Joined:
    Jan 26, 2004
    Messages:
    223
    Likes Received:
    0
    Trophy Points:
    16
    I am going to take a wild guess that you are not the sys admin nor do you know much about php?

    they are uploaded to where ever you tell them to in php.ini.
    Once they are uploaded they get saved in a dir, and the owner would be nobody, or what ever php is running as.

    Fix?: Don't be lazy and use the dumb tools cpanel gives you, they just give you an idea of whats going on, none of them really work very well.
    Check the size of a whole dir, ie. the users home dir along with the users mysql usage and mail storage
     
  5. kimsteinhaug

    kimsteinhaug Registered

    Joined:
    Mar 11, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    This makes perfect sense. Makes it alot easier for me to explain to the server admin since I had no good "technical" explernation for why, but this is surely why.
     
  6. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Yes, Generally, unless you use PHPSuExec.. thne they are owned by the user properly.

    I do not have that problem so..


    Brenden
     
  7. AlexAT

    AlexAT Well-Known Member
    PartnerNOC

    Joined:
    May 23, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ukraine
    cPanel Access Level:
    Root Administrator
    nothing terrible here.

    just make your /tmp clean as usual.

    If user wants to set upload path to his internal dir in his own php.ini that is his problem.

    do not see any problem at all...

    this is just ImageMagick bug and should be sent to them for they fix it in next version.
     
Loading...

Share This Page