summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-10-22 21:12:21 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-10-22 21:12:21 +0000
commitc49af80ab38f71abcbe9887dde4b76d462595f4a (patch)
tree710baa8bbc0a3cb2602f9edf02da53eb8f1c6767 /doc
parent6a75123d7aa3594cb4dd5eb9b3311767ad1738ea (diff)
some notes about the security (or lack thereof) of plugins
Diffstat (limited to 'doc')
-rw-r--r--doc/security.mdwn14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index fea0eb727..723c01863 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -158,6 +158,20 @@ allowed, so that's not a problem.)
----
+# Plugins
+
+The security of [[plugins]] depends on how well they're written and what
+external tools they use. The plugins included in ikiwiki are all held to
+the same standards as the rest of ikiwiki, but with that said, here are
+some security notes for them.
+
+* The [[plugins/img]] plugin assumes that imagemagick/perlmagick are secure
+ from malformed image attacks. Imagemagick has had security holes in the
+ past. To be able to exploit such a hole, a user would need to be able to
+ upload images to the wiki.
+
+----
+
# Fixed holes
_(Unless otherwise noted, these were discovered and immediately fixed by the