X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9d63be9af97a8105b1d11b5f2dd0db22bae27c58..e31a892575808b10025c06d1ad3228f7426686ad:/doc/security.mdwn?ds=inline diff --git a/doc/security.mdwn b/doc/security.mdwn index 154566cd8..01a893d20 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -80,7 +80,7 @@ they can try to use this to exploit your web server. _(AKA, the assumptions that will be the root of most security holes...)_ -## exploting ikiwiki with bad content +## exploiting ikiwiki with bad content Someone could add bad content to the wiki and hope to exploit ikiwiki. Note that ikiwiki runs with perl taint checks on, so this is unlikely. @@ -279,3 +279,17 @@ Various directives that cause one page to be included into another could be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded against this one way or another; the current solution should detect all types of loops involving preprocessor directives. + +## Online editing of existing css and images + +A bug in ikiwiki allowed the web-based editor to edit any file that was in +the wiki, not just files that are page sources. So an attacker (or a +genuinely helpful user, which is how the hole came to light) could edit +files like style.css. It is also theoretically possible that an attacker +could have used this hole to edit images or other files in the wiki, with +some difficulty, since all editing would happen in a textarea. + +This hole was discovered on 10 Feb 2007 and fixed the same day with the +release of ikiwiki 1.42. A fix was also backported to Debian etch, as +version 1.33.1. I recommend upgrading to one of these versions if your wiki +allows web editing.