diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 06:02:38 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-25 06:02:38 +0000 |
| commit | 2c64a9f6f1fc2996d61a055339e6afd7d470495a (patch) | |
| tree | 96cb747191f097e8f117e5cec7362fb9231ced6d /doc/security.mdwn | |
| parent | bfa96ad2827ebae0d0288d201c1a730a8d7784e1 (diff) | |
| download | ikiwiki-2c64a9f6f1fc2996d61a055339e6afd7d470495a.tar ikiwiki-2c64a9f6f1fc2996d61a055339e6afd7d470495a.tar.gz | |
security update
Diffstat (limited to 'doc/security.mdwn')
| -rw-r--r-- | doc/security.mdwn | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 75e91a8a2..956351d70 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -10,21 +10,6 @@ to be kept in mind. # Probable holes -## XSS holes in CGI output - -ikiwiki has not yet been audited to ensure that all cgi script input/output is -sanitised to prevent XSS attacks. - -## image file etc attacks - -If it enounters a file type it does not understand, ikiwiki just copies it -into place. So if you let users add any kind of file they like, they can -upload images, movies, windows executables, css files, etc (though not html -files). If these files exploit security holes in the browser of someone -who's viewing the wiki, that can be a security problem. - -Of course nobody else seems to worry about this in other wikis, so should we? - ## svn commit logs Anyone with svn commit access can forge "web commit from foo" and make it @@ -43,6 +28,22 @@ ikiwiki escapes any html in svn commit logs to prevent other mischief. _(Things not to do.)_ +## image file etc attacks + +If it enounters a file type it does not understand, ikiwiki just copies it +into place. So if you let users add any kind of file they like, they can +upload images, movies, windows executables, css files, etc (though not html +files). If these files exploit security holes in the browser of someone +who's viewing the wiki, that can be a security problem. + +Of course nobody else seems to worry about this in other wikis, so should we? + +Currently only people with direct svn commit access can upload such files +(and if you wanted to you could block that with a svn pre-commit hook). +Wsers with only web commit access are limited to editing pages as ikiwiki +doesn't support file uploads from browsers (yet), so they can't exploit +this. + ## multiple accessors of wiki directory If multiple people can write to the source directory ikiwiki is using, or @@ -130,6 +131,15 @@ Login to the wiki involves sending a password in cleartext over the net. Cracking the password only allows editing the wiki as that user though. If you care, you can use https, I suppose. +## XSS holes in CGI output + +ikiwiki has not yet been audited to ensure that all cgi script input/output +is sanitised to prevent XSS attacks. For example, a user can't register +with a username containing html code (anymore). + +It's difficult to know for sure if all such avenues have really been +closed though. + ---- # Fixed holes |