web commit by EthanGlasserCamp: This is what I wanted.

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9d7702dde3a09053fb09c27a9553a8829f4068e6..fea0eb727d655fe2c7452174b08e3d718e7aae40 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 
 others edit pages in your wiki, then some possible security issues do need
 to be kept in mind.
 

+[[toc levels=2]]
+

 ----
 
 # Probable holes
 ----
 
 # Probable holes


@@ -256,3 +258,10 @@ seem to affect our use, since the data is not encoded as utf-8 at that
 point. #[378412](http://bugs.debian.org/378412) could affect us, although it
 doesn't seem very exploitable. It has a simple fix, and has been fixed in
 Debian unstable.
 point. #[378412](http://bugs.debian.org/378412) could affect us, although it
 doesn't seem very exploitable. It has a simple fix, and has been fixed in
 Debian unstable.

+
+## include loops
+
+Various directives that cause one page to be included into another could
+be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded
+against this one way or another; the current solution should detect all
+types of loops involving preprocessor directives.