blob: cd74c2496bd4460e34e6a409a24ce6ddcd0f24c3 (
plain)
If the srcdir is a symlink, Ikiwiki will not render the pages unless the srcdir has a trailing slash.
For example:
#!/bin/sh
set -x
REALSRCDIR=~/tmp/ikiwiki/wikiwc2
SRCDIR=~/tmp/ikiwiki/wikiwc
DESTDIR=~/tmp/ikiwiki/public_html/wiki/
echo "*** Testing without trailing slash."
rm -rf $REALSRCDIR $SRCDIR $DESTDIR
# Create the real srcdir and link the srcdir to it
mkdir -p $REALSRCDIR
ln -s $REALSRCDIR $SRCDIR
mkdir -p $DESTDIR
echo Test > $SRCDIR/index.mdwn
# No trailing slash after $SRCDIR
ikiwiki --verbose $SRCDIR $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null
echo "*** Testing with trailing slash."
rm -rf $REALSRCDIR $SRCDIR $DESTDIR
# Create the real srcdir and link the srcdir to it
mkdir -p $REALSRCDIR
ln -s $REALSRCDIR $SRCDIR
mkdir -p $DESTDIR
echo Test > $SRCDIR/index.mdwn
# Trailing slash after $SRCDIR
ikiwiki --verbose $SRCDIR/ $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null
My output:
+ REALSRCDIR=/home/svend/tmp/ikiwiki/wikiwc2
+ SRCDIR=/home/svend/tmp/ikiwiki/wikiwc
+ DESTDIR=/home/svend/tmp/ikiwiki/public_html/wiki/
+ echo '*** Testing without trailing slash.'
*** Testing without trailing slash.
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
+ echo Test
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
+ echo '*** Testing with trailing slash.'
*** Testing with trailing slash.
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
+ echo Test
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc/ /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
scanning index.mdwn
rendering index.mdwn
Note that index.mdwn was only rendered when srcdir had a trailing slash.
There are potential [[security]] issues with ikiwiki following a symlink,
even if it's just a symlink at the top level of the srcdir.
Consider ikiwiki.info's own setup, where the srcdir is ikiwiki/doc,
checked out of revision control. A malicious committer could convert
ikiwiki/doc into a symlink to /etc, then ikiwiki would happily publish
all of /etc to the web.
This kind of attack is why ikiwiki does not let File::Find follow
symlinks when scanning the srcdir. By appending the slash, you're
actually bypassing that check. Ikiwiki should not let you set
up a potentially insecure configuration like that. More discussion of
this hole [[here|security#index29h2]], and I've had to release
a version of ikiwiki that explicitly checks for that, and fails to work.
Sorry, but security trumps convenience. [[done]] --[[Joey]]
|
