summaryrefslogtreecommitdiff
path: root/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn
blob: cd74c2496bd4460e34e6a409a24ce6ddcd0f24c3 (plain)

If the srcdir is a symlink, Ikiwiki will not render the pages unless the srcdir has a trailing slash.

For example:

#!/bin/sh
set -x

REALSRCDIR=~/tmp/ikiwiki/wikiwc2
SRCDIR=~/tmp/ikiwiki/wikiwc
DESTDIR=~/tmp/ikiwiki/public_html/wiki/

echo "*** Testing without trailing slash."

rm -rf $REALSRCDIR $SRCDIR $DESTDIR

# Create the real srcdir and link the srcdir to it
mkdir -p $REALSRCDIR
ln -s $REALSRCDIR $SRCDIR

mkdir -p $DESTDIR

echo Test > $SRCDIR/index.mdwn

# No trailing slash after $SRCDIR
ikiwiki --verbose $SRCDIR $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null

echo "*** Testing with trailing slash."

rm -rf $REALSRCDIR $SRCDIR $DESTDIR

# Create the real srcdir and link the srcdir to it
mkdir -p $REALSRCDIR
ln -s $REALSRCDIR $SRCDIR

mkdir -p $DESTDIR

echo Test > $SRCDIR/index.mdwn

# Trailing slash after $SRCDIR
ikiwiki --verbose $SRCDIR/ $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null

My output:

+ REALSRCDIR=/home/svend/tmp/ikiwiki/wikiwc2
+ SRCDIR=/home/svend/tmp/ikiwiki/wikiwc
+ DESTDIR=/home/svend/tmp/ikiwiki/public_html/wiki/
+ echo '*** Testing without trailing slash.'
*** Testing without trailing slash.
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
+ echo Test
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
+ echo '*** Testing with trailing slash.'
*** Testing with trailing slash.
+ rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/
+ mkdir -p /home/svend/tmp/ikiwiki/wikiwc2
+ ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc
+ mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/
+ echo Test
+ ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc/ /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null
scanning index.mdwn
rendering index.mdwn

Note that index.mdwn was only rendered when srcdir had a trailing slash.

There are potential [[security]] issues with ikiwiki following a symlink, even if it's just a symlink at the top level of the srcdir. Consider ikiwiki.info's own setup, where the srcdir is ikiwiki/doc, checked out of revision control. A malicious committer could convert ikiwiki/doc into a symlink to /etc, then ikiwiki would happily publish all of /etc to the web.

This kind of attack is why ikiwiki does not let File::Find follow symlinks when scanning the srcdir. By appending the slash, you're actually bypassing that check. Ikiwiki should not let you set up a potentially insecure configuration like that. More discussion of this hole [[here|security#index29h2]], and I've had to release a version of ikiwiki that explicitly checks for that, and fails to work. Sorry, but security trumps convenience. [[done]] --[[Joey]]