diff options
Diffstat (limited to 'doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn')
| -rw-r--r-- | doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn b/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn new file mode 100644 index 000000000..cd74c2496 --- /dev/null +++ b/doc/bugs/Symlinked_srcdir_requires_trailing_slash.mdwn @@ -0,0 +1,81 @@ +If the srcdir is a symlink, Ikiwiki will not render the pages unless the srcdir has a trailing slash. + +For example: + + #!/bin/sh + set -x + + REALSRCDIR=~/tmp/ikiwiki/wikiwc2 + SRCDIR=~/tmp/ikiwiki/wikiwc + DESTDIR=~/tmp/ikiwiki/public_html/wiki/ + + echo "*** Testing without trailing slash." + + rm -rf $REALSRCDIR $SRCDIR $DESTDIR + + # Create the real srcdir and link the srcdir to it + mkdir -p $REALSRCDIR + ln -s $REALSRCDIR $SRCDIR + + mkdir -p $DESTDIR + + echo Test > $SRCDIR/index.mdwn + + # No trailing slash after $SRCDIR + ikiwiki --verbose $SRCDIR $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null + + echo "*** Testing with trailing slash." + + rm -rf $REALSRCDIR $SRCDIR $DESTDIR + + # Create the real srcdir and link the srcdir to it + mkdir -p $REALSRCDIR + ln -s $REALSRCDIR $SRCDIR + + mkdir -p $DESTDIR + + echo Test > $SRCDIR/index.mdwn + + # Trailing slash after $SRCDIR + ikiwiki --verbose $SRCDIR/ $DESTDIR --url=http://example.org/~you/wiki/ --underlaydir /dev/null + +My output: + + + REALSRCDIR=/home/svend/tmp/ikiwiki/wikiwc2 + + SRCDIR=/home/svend/tmp/ikiwiki/wikiwc + + DESTDIR=/home/svend/tmp/ikiwiki/public_html/wiki/ + + echo '*** Testing without trailing slash.' + *** Testing without trailing slash. + + rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ + + mkdir -p /home/svend/tmp/ikiwiki/wikiwc2 + + ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc + + mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/ + + echo Test + + ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null + + echo '*** Testing with trailing slash.' + *** Testing with trailing slash. + + rm -rf /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc /home/svend/tmp/ikiwiki/public_html/wiki/ + + mkdir -p /home/svend/tmp/ikiwiki/wikiwc2 + + ln -s /home/svend/tmp/ikiwiki/wikiwc2 /home/svend/tmp/ikiwiki/wikiwc + + mkdir -p /home/svend/tmp/ikiwiki/public_html/wiki/ + + echo Test + + ikiwiki --verbose /home/svend/tmp/ikiwiki/wikiwc/ /home/svend/tmp/ikiwiki/public_html/wiki/ --url=http://example.org/~you/wiki/ --underlaydir /dev/null + scanning index.mdwn + rendering index.mdwn + +Note that index.mdwn was only rendered when srcdir had a trailing slash. + +> There are potential [[security]] issues with ikiwiki following a symlink, +> even if it's just a symlink at the top level of the srcdir. +> Consider ikiwiki.info's own setup, where the srcdir is ikiwiki/doc, +> checked out of revision control. A malicious committer could convert +> ikiwiki/doc into a symlink to /etc, then ikiwiki would happily publish +> all of /etc to the web. +> +> This kind of attack is why ikiwiki does not let File::Find follow +> symlinks when scanning the srcdir. By appending the slash, you're +> actually bypassing that check. Ikiwiki should not let you set +> up a potentially insecure configuration like that. More discussion of +> this hole [[here|security#index29h2]], and I've had to release +> a version of ikiwiki that explicitly checks for that, and fails to work. +> Sorry, but security trumps convenience. [[done]] --[[Joey]] |