diff options
author | Joey Hess <joey@kitenet.net> | 2010-09-12 18:53:34 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2010-09-12 18:53:34 -0400 |
commit | a52ef8d746bacdf3137effe03393c0ef06cc7917 (patch) | |
tree | 663947955c349ee626d1bc66128b98d9bad82735 | |
parent | f6127eb9fa53d375f6ad3d079c75a279c268e9cd (diff) | |
download | ikiwiki-a52ef8d746bacdf3137effe03393c0ef06cc7917.tar ikiwiki-a52ef8d746bacdf3137effe03393c0ef06cc7917.tar.gz |
response
-rw-r--r-- | doc/bugs/ikiwiki_ignores_PATH_environment.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 1cf99d826..6781d4b4b 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -18,3 +18,7 @@ This makes it a little hard to specify which specific binaries should be used, e > that. [[done]] --[[Joey]] Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] (Also the person who started this by filing an issue with MacPorts; I'm experimenting with ikiwiki for collaborative documentation.) + +> The suid wrappers remove all environment variables except for a few used +> for CGI. PATH is not propigated by them, so when they run ikiwiki it will +> get the system's default path now. --[[Joey]] |