author https://www.google.com/accounts/o8/id?id=AItOawngqGADV9fidHK5qabIzKN0bx1ZIfvaTqs <Glenn@web> 2010-09-12 22:48:49 +0000
committer Joey Hess <joey@kitenet.net> 2010-09-12 22:48:49 +0000
commit 827bd1d99027b845cb2fbc9f87200b5316f449c6 (patch)
tree 9ac9e59858c3b0a28510349672a8ff5d6ffb8267 /doc/bugs
parent f4392bc4dd3be5833b8a7b3c1b37515a7e3b3b1f (diff)
Diffstat (limited to 'doc/bugs')
-rw-r--r-- doc/bugs/ikiwiki_ignores_PATH_environment.mdwn 2
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
index 5097acaef..992ea0a2a 100644
--- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
+++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn
@@ -16,3 +16,5 @@ This makes it a little hard to specify which specific binaries should be used, e
> The ikiwiki script's own sanitization of PATH was done to make perl taint
> checking happy, but as taint checking is disabled anyway, I have removed
> that. [[done]] --[[Joey]]
+
+Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]]
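Review bot: the question added on the last `+` line raises a possible security hole (whether ikiwiki.cgi and the RCS post-commit script sanitize $PATH on their own, given the account ikiwiki is SUID to), but it is appended directly below a reply that already marks the bug `[[done]]`, so it is easy to miss on a closed page. Suggest either nesting it into the thread with the page's `>` quoting and qualifying `[[done]]` until it is answered, or moving it to its own bug page. The signature `[[Glenn|geychaner@mac.com]]` also omits the `--` prefix that `--[[Joey]]` uses in the context line above it.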