summaryrefslogtreecommitdiff
path: root/doc/bugs
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2007-11-26 15:30:44 -0500
committerJoey Hess <joey@kitenet.net>2007-11-26 15:30:44 -0500
commite15e3202eb04048feb302b39d946f1ae1a15c306 (patch)
treeaf286f69e186483a5179e97939fbc2b01fc6932c /doc/bugs
parent8df24a447d9bcae138873bc076432e6a69946d7f (diff)
releasing version 2.14
Diffstat (limited to 'doc/bugs')
-rw-r--r--doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn17
1 files changed, 16 insertions, 1 deletions
diff --git a/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn b/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn
index 0310c17f3..cd74c2496 100644
--- a/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn
+++ b/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn
@@ -63,4 +63,19 @@ My output:
scanning index.mdwn
rendering index.mdwn
-Note that index.mdwn was only rendered when srcdir had a trailing slash. \ No newline at end of file
+Note that index.mdwn was only rendered when srcdir had a trailing slash.
+
+> There are potential [[security]] issues with ikiwiki following a symlink,
+> even if it's just a symlink at the top level of the srcdir.
+> Consider ikiwiki.info's own setup, where the srcdir is ikiwiki/doc,
+> checked out of revision control. A malicious committer could convert
+> ikiwiki/doc into a symlink to /etc, then ikiwiki would happily publish
+> all of /etc to the web.
+>
+> This kind of attack is why ikiwiki does not let File::Find follow
+> symlinks when scanning the srcdir. By appending the slash, you're
+> actually bypassing that check. Ikiwiki should not let you set
+> up a potentially insecure configuration like that. More discussion of
+> this hole [[here|security#index29h2]], and I've had to release
+> a version of ikiwiki that explicitly checks for that, and fails to work.
+> Sorry, but security trumps convenience. [[done]] --[[Joey]]