On Wed, Jun 19, 2013 at 1:36 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
Is there any *public* list of which exceptions/errors they are. Seeing
how many isn't all that helpful unless we know which ones. (yeah yeah
I know, there's concerns about data leakage with backtraces, but just
the exception names w/o backtrace should be safe (?))
Maybe, e.g. the current one I see if I tail -f
fluorine:/a/mw-logs/fatals.log is:
[20-Jun-2013 18:54:45] Fatal error: Call to a member function getCode() on
a non-object at
/usr/local/apache/common-local/php-1.22wmf8/includes/GlobalFunctions.php on
line 1288
Seems OK to display, but meanwhile in exceptions.log:
2013-06-20 18:30:45 mw1076 bswiki: [6d110124] /wiki/[redacted] Exception
from line 3303 of
/usr/local/apache/common-local/php-1.22wmf7/includes/User.php:
User::addToDatabase: hit a key conflict attempting to insert user
'[redacted], but it was not present in select!
So the exception/error alone can reveal stuff. And I guess it could hint at
an exploit (I hope neither of those do :-/ ).
If there's a problem on a WMF site, unless it's reproduceable on a stock
test wiki, I think it'll need someone with access to the fluorine logs
machine. For those that have access, <
https://wikitech.wikimedia.org/wiki/How_to_deploy_code#Test_and_monitor_you…
and <https://wikitech.wikimedia.org/wiki/Logs> have advice about monitoring
logs and graphs.
--
=S Page engineer on Editor Engagement Experiments