X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/4ad7c9d6257ca106b2949d22f6300823190991a0..5a734d59115a38312ff739baacbc528dcfebba28:/doc/security.mdwn?ds=sidebyside diff --git a/doc/security.mdwn b/doc/security.mdwn index 9d7702dde..fea0eb727 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let others edit pages in your wiki, then some possible security issues do need to be kept in mind. +[[toc levels=2]] + ---- # Probable holes @@ -256,3 +258,10 @@ seem to affect our use, since the data is not encoded as utf-8 at that point. #[378412](http://bugs.debian.org/378412) could affect us, although it doesn't seem very exploitable. It has a simple fix, and has been fixed in Debian unstable. + +## include loops + +Various directives that cause one page to be included into another could +be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded +against this one way or another; the current solution should detect all +types of loops involving preprocessor directives.