summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-02-14 01:31:31 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-02-14 01:31:31 +0000
commit40f318f3e999ce5f7890deafcb56deb1c125bf7a (patch)
tree0e15709763c39162550632a850fcf14be72bf1b6 /doc
parent227b64ad72faec528984e7924eca44f29ff92402 (diff)
document recent security hole
Diffstat (limited to 'doc')
-rw-r--r--doc/security.mdwn14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 72ae8f4b9..01a893d20 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -279,3 +279,17 @@ Various directives that cause one page to be included into another could
be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded
against this one way or another; the current solution should detect all
types of loops involving preprocessor directives.
+
+## Online editing of existing css and images
+
+A bug in ikiwiki allowed the web-based editor to edit any file that was in
+the wiki, not just files that are page sources. So an attacker (or a
+genuinely helpful user, which is how the hole came to light) could edit
+files like style.css. It is also theoretically possible that an attacker
+could have used this hole to edit images or other files in the wiki, with
+some difficulty, since all editing would happen in a textarea.
+
+This hole was discovered on 10 Feb 2007 and fixed the same day with the
+release of ikiwiki 1.42. A fix was also backported to Debian etch, as
+version 1.33.1. I recommend upgrading to one of these versions if your wiki
+allows web editing.