* Various CSS and formatting changes.

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index e72b3fe2bdf2af7de90ae2766c337f83ae933e43..b3b5b6f3ee98a5be03a4cdfc80433d09c0e343cd 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -18,6 +18,14 @@ Anyone with direct commit access can forge "web commit from foo" and
 make it appear on [[RecentChanges]] like foo committed. One way to avoid
 this would be to limit web commits to those done by a certian user.
 
 make it appear on [[RecentChanges]] like foo committed. One way to avoid
 this would be to limit web commits to those done by a certian user.
 

+## XML::Parser
+
+XML::Parser is used by the aggregation plugin, and has some security holes
+that are still open in Debian unstable as of this writing. #378411 does not
+seem to affect our use, since the data is not encoded as utf-8 at that
+point. #378412 could affect us, although it doesn't seem very exploitable.
+It has a simple fix, which should be NMUed or something..
+

 ## other stuff to look at
 
 I need to audit the git backend a bit, and have been meaning to
 ## other stuff to look at
 
 I need to audit the git backend a bit, and have been meaning to


@@ -83,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_
 Someone could add bad content to the wiki and hope to exploit ikiwiki.
 Note that ikiwiki runs with perl taint checks on, so this is unlikely.
 
 Someone could add bad content to the wiki and hope to exploit ikiwiki.
 Note that ikiwiki runs with perl taint checks on, so this is unlikely.
 

+One fun thing in ikiwiki is its handling of a PageSpec, which involves
+translating it into perl and running the perl. Of course, this is done
+*very* carefully to guard against injecting arbitrary perl code.
+

 ## publishing cgi scripts
 
 ikiwiki does not allow cgi scripts to be published as part of the wiki. Or
 ## publishing cgi scripts
 
 ikiwiki does not allow cgi scripts to be published as part of the wiki. Or