X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/ae0475367c079624b6386cd421356b02995caebe..b73debadba7994ecb882b3405376e3d7ece124ef:/doc/security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 5fda9e678..63d140ec5 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -50,6 +50,13 @@ It's actually possible to force a whole series of svn commits to appear to have
 
 ikiwiki escapes any html in svn commit logs to prevent other mischief.
 
+## page locking can be bypassed via direct svn commits
+
+A [[lock]]ed page can only be edited on the web by an admin, but
+anyone who is allowed to commit direct to svn can bypass this. This is by
+design, although a subversion pre-commit hook could be used to prevent
+editing of locked pages when using subversion, if you really need to.
+
 ----
 
 # Hopefully non-holes
@@ -136,4 +143,4 @@ directory with a symlink and trick it into following the link.
 
 Also, if someone checks in a symlink to /etc/passwd, ikiwiki would read and publish that, which could be used to expose files a committer otherwise wouldn't see.
 
-To avoid this, ikiwiki will avoid reading files that are symlinks, and uses locking to prevent more than one instance running at a time. The lock prevents one ikiwiki from running a svn up at the wrong time to race another ikiwiki. So only attackers who can write to the working copy on their own can race it.
\ No newline at end of file
+To avoid this, ikiwiki will avoid reading files that are symlinks, and uses locking to prevent more than one instance running at a time. The lock prevents one ikiwiki from running a svn up at the wrong time to race another ikiwiki. So only attackers who can write to the working copy on their own can race it.