X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/dc355135225f5c61be09401b8828d8e165433c9c..fc0b70e700ca9d029e5aedd013b00de0cf793993:/doc/security.mdwn diff --git a/doc/security.mdwn b/doc/security.mdwn index e72b3fe2b..723c01863 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -6,6 +6,8 @@ security issues with this program than with cat(1). If, however, you let others edit pages in your wiki, then some possible security issues do need to be kept in mind. +[[toc levels=2]] + ---- # Probable holes @@ -83,6 +85,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_ Someone could add bad content to the wiki and hope to exploit ikiwiki. Note that ikiwiki runs with perl taint checks on, so this is unlikely. +One fun thing in ikiwiki is its handling of a PageSpec, which involves +translating it into perl and running the perl. Of course, this is done +*very* carefully to guard against injecting arbitrary perl code. + ## publishing cgi scripts ikiwiki does not allow cgi scripts to be published as part of the wiki. Or @@ -130,7 +136,9 @@ file not be world readable. Login to the wiki involves sending a password in cleartext over the net. Cracking the password only allows editing the wiki as that user though. -If you care, you can use https, I suppose. +If you care, you can use https, I suppose. If you do use https either for +all of the wiki, or just the cgi access, then consider using the sslcookie +option. ## XSS holes in CGI output @@ -141,6 +149,27 @@ with a username containing html code (anymore). It's difficult to know for sure if all such avenues have really been closed though. +## HTML::Template security + +If the [[plugins/template]] plugin is enabled, users can modify templates +like any other part of the wiki. This assumes that HTML::Template is secure +when used with untrusted/malicious templates. (Note that includes are not +allowed, so that's not a problem.) + +---- + +# Plugins + +The security of [[plugins]] depends on how well they're written and what +external tools they use. The plugins included in ikiwiki are all held to +the same standards as the rest of ikiwiki, but with that said, here are +some security notes for them. + +* The [[plugins/img]] plugin assumes that imagemagick/perlmagick are secure + from malformed image attacks. Imagemagick has had security holes in the + past. To be able to exploit such a hole, a user would need to be able to + upload images to the wiki. + ---- # Fixed holes @@ -234,3 +263,19 @@ have come just before yours, by forging svn log output. This was guarded against by using svn log --xml. ikiwiki escapes any html in svn commit logs to prevent other mischief. + +## XML::Parser + +XML::Parser is used by the aggregation plugin, and has some security holes. +Bug #[378411](http://bugs.debian.org/378411) does not +seem to affect our use, since the data is not encoded as utf-8 at that +point. #[378412](http://bugs.debian.org/378412) could affect us, although it +doesn't seem very exploitable. It has a simple fix, and has been fixed in +Debian unstable. + +## include loops + +Various directives that cause one page to be included into another could +be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded +against this one way or another; the current solution should detect all +types of loops involving preprocessor directives.