aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-11 05:41:25 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-11 05:41:25 +0000
commit965afd875cd168713e9351d3c4c992c31f0bea0a (patch)
treec4c6a38c0af52efa8fa117f7c6a9242d83226191 /doc
parent69d70eb3ba8c0bc17096cfb2afec844a78746137 (diff)
downloadikiwiki-965afd875cd168713e9351d3c4c992c31f0bea0a.tar
ikiwiki-965afd875cd168713e9351d3c4c992c31f0bea0a.tar.gz
up
Diffstat (limited to 'doc')
-rw-r--r--doc/bugs.mdwn2
-rw-r--r--doc/security.mdwn8
-rw-r--r--doc/todo.mdwn7
3 files changed, 11 insertions, 6 deletions
diff --git a/doc/bugs.mdwn b/doc/bugs.mdwn
index b1332fae5..45b6dd824 100644
--- a/doc/bugs.mdwn
+++ b/doc/bugs.mdwn
@@ -10,3 +10,5 @@
"Host key verification failed."
I think that the setuid isn't fully taking; it should be running as me,
but commit log shows www-data. So maybe it has the wrong username?
+* Can't put the source in a directory named .source; the page finder skips
+ that due to too broad exclusion of any dotfile in a path.
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 7b056fd6c..b72621111 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -74,6 +74,12 @@ Even with locking, if an attacker has local write access to the checkout,
they could still fool ikiwiki using similar races. So it's best if only one
person can ever write to the checkout that ikiwiki compiles the moo from.
+## webserver symlink attacks
+
+If someone checks in a symlink to /etc/passwd, ikiwiki would publish that.
+To aoid this, ikiwiki will need to avoid reading files that are symlinks.
+TODO and note discussion of races above.
+
## cgi security
When ikiwiki runs as a cgi to edit a page, it is passed the name of the
@@ -82,4 +88,4 @@ editing of ../../../foo, or editing of files that are not part of the wiki,
such as subversion dotfiles. This is done by sanitising the filename
removing unallowed characters, then making sure it doesn't start with "/"
or contain ".." or "/.svn/". Annoyingly ad-hoc, this kind of code is where
-security holes breed.
+security holes breed. It needs a test suite at the very least.
diff --git a/doc/todo.mdwn b/doc/todo.mdwn
index ef3600d43..c3b26ef7b 100644
--- a/doc/todo.mdwn
+++ b/doc/todo.mdwn
@@ -6,12 +6,9 @@
* No support for web user tracking/login yet.
* Doesn't svn commit yet.
-## [[RecentChanges]]
+## recentchanges
-This will need to be another cgi script, that grubs through the
-[[Subversion]] logs.
-
-This should support RSS for notification of new and changed pages.
+Should support RSS for notification of new and changed pages.
## page history