HTML-escape error messages (CVE-2016-4561)
diff --git
a/doc/bugs/Insecure_dependency_in_utime.mdwn
b/doc/bugs/Insecure_dependency_in_utime.mdwn
index f10905849b946e4bcb6c8856d226e64c62724ee5..330479d224bbafd9c334ac52869900104abb163d 100644
(file)
--- a/
doc/bugs/Insecure_dependency_in_utime.mdwn
+++ b/
doc/bugs/Insecure_dependency_in_utime.mdwn
@@
-6,3
+6,9
@@
This was in ikiwiki\_2.32.3.
I worked-around this by doing:
utime IkiWiki::possibly_foolish_untaint($change->{when}), IkiWiki::possibly_foolish_untaint($change->{when}), "$config{srcdir}/$file
I worked-around this by doing:
utime IkiWiki::possibly_foolish_untaint($change->{when}), IkiWiki::possibly_foolish_untaint($change->{when}), "$config{srcdir}/$file
+
+> Don't build ikiwiki with taint checking. It's known to be broken in
+> apparently all versions of perl, apparently leaking taint flags at random.
+> See [[Insecure_dependency_in_mkdir]] --[[Joey]]
+
+[[!tag done]]
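
Review bot: the added `[[!tag done]]` closes the report on the strength of a reply that only says "Don't build ikiwiki with taint checking", without saying how a reader does that or what is lost by doing so. Suggest the reply name the build or configuration setting that turns taint checking off in this version, so the page is actionable on its own rather than only through the `[[Insecure_dependency_in_mkdir]]` link. The workaround left in the context lines passes `$change->{when}` through `IkiWiki::possibly_foolish_untaint` with no validation; if it stays on the page as guidance, it is worth noting that a timestamp should be untainted by matching it against a numeric pattern rather than unconditionally. Separately, the page subject is "HTML-escape error messages (CVE-2016-4561)", while these added lines concern taint checking in `utime`, so confirm this hunk belongs to that change.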