X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/8a5f9f6e0047149040c50db571faac89ab443085..dd011356418c684b5cc41b4ccb77e158d6cec8eb:/doc/security.mdwn diff --git a/doc/security.mdwn b/doc/security.mdwn index 4db756e2e..65ebfd7b2 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -18,14 +18,6 @@ Anyone with direct commit access can forge "web commit from foo" and make it appear on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user. -## XML::Parser - -XML::Parser is used by the aggregation plugin, and has some security holes -that are still open in Debian unstable as of this writing. #378411 does not -seem to affect our use, since the data is not encoded as utf-8 at that -point. #378412 could affect us, although it doesn't seem very exploitable. -It has a simple fix, which should be NMUed or something.. - ## other stuff to look at I need to audit the git backend a bit, and have been meaning to @@ -91,6 +83,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_ Someone could add bad content to the wiki and hope to exploit ikiwiki. Note that ikiwiki runs with perl taint checks on, so this is unlikely. +One fun thing in ikiwiki is its handling of a PageSpec, which involves +translating it into perl and running the perl. Of course, this is done +*very* carefully to guard against injecting arbitrary perl code. + ## publishing cgi scripts ikiwiki does not allow cgi scripts to be published as part of the wiki. Or @@ -242,3 +238,12 @@ have come just before yours, by forging svn log output. This was guarded against by using svn log --xml. ikiwiki escapes any html in svn commit logs to prevent other mischief. + +## XML::Parser + +XML::Parser is used by the aggregation plugin, and has some security holes. +#[378411](http://bugs.debian.org/378411) does not +seem to affect our use, since the data is not encoded as utf-8 at that +point. #[378412](http://bugs.debian.org/378412) could affect us, although it +doesn't seem very exploitable. It has a simple fix, and has been fixed in +Debian unstable.