security and comments

author: Joey Hess <joey@gnu.kitenet.net> 2009-12-01 16:04:18 -0500
committer: Joey Hess <joey@gnu.kitenet.net> 2009-12-01 16:08:21 -0500
commit: db746519ebca6495342d836a77c0664977ee0d99 (patch)
tree: dbe729b02c30bec09f5544176bc3e1b242abd395 /doc/plugins/contrib/xslt
parent: b042e4a0511a77df97d1be0657a2621bf1a1de1a (diff)
download: ikiwiki-db746519ebca6495342d836a77c0664977ee0d99.tar
ikiwiki-db746519ebca6495342d836a77c0664977ee0d99.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/plugins/contrib/xslt/discussion.mdwn b/doc/plugins/contrib/xslt/discussion.mdwn
new file mode 100644
index 000000000..a549681de
--- /dev/null
+++ b/doc/plugins/contrib/xslt/discussion.mdwn
@@ -0,0 +1,16 @@
+## security
+
+I'm curious what the security implications of having this plugin on a
+publically writable wiki are.
+
+First, it looks like the way it looks up the stylesheet file will happily
+use a regular .mdwn wiki page as the stylsheet. Which means any user can
+create a stylesheet and have it be used, without needing permission to
+upload arbitrary files. That probably needs to be fixed; one way would be
+to mandate that the `srcfile` has a `.xsl` extension.
+
+Secondly, if an attacker is able to upload a stylesheet file somehow, could
+this be used to attack the server where it is built? I know that xslt is
+really a full programming language, so I assume at least DOS attacks are
+possible. Can it also read other arbitrary files, run other programs, etc?
+--[[Joey]]
author	Joey Hess <joey@gnu.kitenet.net>	2009-12-01 16:04:18 -0500
committer	Joey Hess <joey@gnu.kitenet.net>	2009-12-01 16:08:21 -0500
commit	db746519ebca6495342d836a77c0664977ee0d99 (patch)
tree	dbe729b02c30bec09f5544176bc3e1b242abd395 /doc/plugins/contrib/xslt
parent	b042e4a0511a77df97d1be0657a2621bf1a1de1a (diff)
download	ikiwiki-db746519ebca6495342d836a77c0664977ee0d99.tar ikiwiki-db746519ebca6495342d836a77c0664977ee0d99.tar.gz