X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/2c0b310cc208b08fded4fe7e80cc3efbc4112c56..1a99ccdd84d685d7955eec8ad3e0b9871a959400:/doc/security.mdwn diff --git a/doc/security.mdwn b/doc/security.mdwn index b3b5b6f3e..dc763ef40 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -18,14 +18,6 @@ Anyone with direct commit access can forge "web commit from foo" and make it appear on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user. -## XML::Parser - -XML::Parser is used by the aggregation plugin, and has some security holes -that are still open in Debian unstable as of this writing. #378411 does not -seem to affect our use, since the data is not encoded as utf-8 at that -point. #378412 could affect us, although it doesn't seem very exploitable. -It has a simple fix, which should be NMUed or something.. - ## other stuff to look at I need to audit the git backend a bit, and have been meaning to @@ -153,6 +145,13 @@ with a username containing html code (anymore). It's difficult to know for sure if all such avenues have really been closed though. +## HTML::Template security + +If the [[plugins/template]] plugin is enabled, users can modify templates +like any other part of the wiki. This assumes that HTML::Template is secure +when used with untrusted/malicious templates. (Note that includes are not +allowed, so that's not a problem.) + ---- # Fixed holes @@ -246,3 +245,12 @@ have come just before yours, by forging svn log output. This was guarded against by using svn log --xml. ikiwiki escapes any html in svn commit logs to prevent other mischief. + +## XML::Parser + +XML::Parser is used by the aggregation plugin, and has some security holes. +Bug #[378411](http://bugs.debian.org/378411) does not +seem to affect our use, since the data is not encoded as utf-8 at that +point. #[378412](http://bugs.debian.org/378412) could affect us, although it +doesn't seem very exploitable. It has a simple fix, and has been fixed in +Debian unstable.