From 827bd1d99027b845cb2fbc9f87200b5316f449c6 Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawngqGADV9fidHK5qabIzKN0bx1ZIfvaTqs" Date: Sun, 12 Sep 2010 22:48:49 +0000 Subject: --- doc/bugs/ikiwiki_ignores_PATH_environment.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 5097acaef..992ea0a2a 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -16,3 +16,5 @@ This makes it a little hard to specify which specific binaries should be used, e > The ikiwiki script's own sanitization of PATH was done to make perl taint > checking happy, but as taint checking is disabled anyway, I have removed > that. [[done]] --[[Joey]] + +Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] -- cgit v1.2.3 From f6127eb9fa53d375f6ad3d079c75a279c268e9cd Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawngqGADV9fidHK5qabIzKN0bx1ZIfvaTqs" Date: Sun, 12 Sep 2010 22:50:33 +0000 Subject: Add comment about this issue --- doc/bugs/ikiwiki_ignores_PATH_environment.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 992ea0a2a..1cf99d826 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -17,4 +17,4 @@ This makes it a little hard to specify which specific binaries should be used, e > checking happy, but as taint checking is disabled anyway, I have removed > that. [[done]] --[[Joey]] -Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] +Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] (Also the person who started this by filing an issue with MacPorts; I'm experimenting with ikiwiki for collaborative documentation.) -- cgit v1.2.3 From 62c2fdbb257720cdbb79415437a3a312e5277ce6 Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawngqGADV9fidHK5qabIzKN0bx1ZIfvaTqs" Date: Sun, 12 Sep 2010 22:53:01 +0000 Subject: Hopefully solve it myself, based on comments found elsewhere. --- doc/forum/using_svn+ssh_with_ikiwiki.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/forum/using_svn+ssh_with_ikiwiki.mdwn b/doc/forum/using_svn+ssh_with_ikiwiki.mdwn index ce271722c..8d9c27e46 100644 --- a/doc/forum/using_svn+ssh_with_ikiwiki.mdwn +++ b/doc/forum/using_svn+ssh_with_ikiwiki.mdwn @@ -7,3 +7,5 @@ I think this is because, despite a SetEnv directive in the apache configuration, > That seems likely. You can edit Wrapper.pm and add SVN_SSH to the @envsave list and rebuild your wrappers to test it. --Joey A better way(?) would be to add a plugin to set the SVN_SSH variable at the appropriate moment (or even to add this to the SVN plugin). What kind of hook should this be; it needs to run just *after* the CGI script cleans its environment? --[[Glenn|geychaner@mac.com]] + +Actually, this probably doesn't need to be a plugin; setting SVN_SSH in ENV can probably be done through the setup file. (Right?) --[[Glenn|geychaner@mac.com]] -- cgit v1.2.3 From a52ef8d746bacdf3137effe03393c0ef06cc7917 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 12 Sep 2010 18:53:34 -0400 Subject: response --- doc/bugs/ikiwiki_ignores_PATH_environment.mdwn | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 1cf99d826..6781d4b4b 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -18,3 +18,7 @@ This makes it a little hard to specify which specific binaries should be used, e > that. [[done]] --[[Joey]] Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] (Also the person who started this by filing an issue with MacPorts; I'm experimenting with ikiwiki for collaborative documentation.) + +> The suid wrappers remove all environment variables except for a few used +> for CGI. PATH is not propigated by them, so when they run ikiwiki it will +> get the system's default path now. --[[Joey]] -- cgit v1.2.3