aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2010-09-12 18:53:34 -0400
committerJoey Hess <joey@kitenet.net>2010-09-12 18:53:34 -0400
commita52ef8d746bacdf3137effe03393c0ef06cc7917 (patch)
tree663947955c349ee626d1bc66128b98d9bad82735
parentf6127eb9fa53d375f6ad3d079c75a279c268e9cd (diff)
downloadikiwiki-a52ef8d746bacdf3137effe03393c0ef06cc7917.tar
ikiwiki-a52ef8d746bacdf3137effe03393c0ef06cc7917.tar.gz
response
-rw-r--r--doc/bugs/ikiwiki_ignores_PATH_environment.mdwn4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
index 1cf99d826..6781d4b4b 100644
--- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
+++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
@@ -18,3 +18,7 @@ This makes it a little hard to specify which specific binaries should be used, e
> that. [[done]] --[[Joey]]
Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] (Also the person who started this by filing an issue with MacPorts; I'm experimenting with ikiwiki for collaborative documentation.)
+
+> The suid wrappers remove all environment variables except for a few used
+> for CGI. PATH is not propigated by them, so when they run ikiwiki it will
+> get the system's default path now. --[[Joey]]