diff options
author | smcv <smcv@web> | 2016-06-22 04:05:32 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2016-06-22 04:05:32 -0400 |
commit | ec371adab1109b338a3de473298b41140ec5017e (patch) | |
tree | e50028b78e71996a79817ff188061a575efe45d9 /doc/setup | |
parent | d4c7df992e4bac39b68a637cf541c351dce845f9 (diff) | |
download | ikiwiki-ec371adab1109b338a3de473298b41140ec5017e.tar ikiwiki-ec371adab1109b338a3de473298b41140ec5017e.tar.gz |
yes, not committing the setup file to the same VCS is a security thing
Diffstat (limited to 'doc/setup')
-rw-r--r-- | doc/setup/byhand/discussion.mdwn | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn index 4d009f20d..6fc931ad3 100644 --- a/doc/setup/byhand/discussion.mdwn +++ b/doc/setup/byhand/discussion.mdwn @@ -13,3 +13,8 @@ The page says *"Note that this file should **not** be put in your wiki's directo One possible thing is security: Is it just a precaution or would anyone with "write" access to wiki be able to replace the file? --[[Martian]] + +> Anyone with the ability to delete/replace attachments via the web UI, or the ability +> to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's +> security model, because replacing the setup file is sufficient to achieve +> arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]] |