git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
Added a comment: Please do not patch out the symlink check
author smcv <smcv@web>
Fri, 26 May 2017 06:20:23 +0000 (02:20 -0400)
committer admin <admin@branchable.com>
Fri, 26 May 2017 06:20:23 +0000 (02:20 -0400)
doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment [new file with mode: 0644]

diff --git a/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment
new file mode 100644 (file)
index 0000000..e860110
--- /dev/null
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="smcv"
+ avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b"
+ subject="Please do not patch out the symlink check"
+ date="2017-05-26T06:20:22Z"
+ content="""
+The check for symbolic links avoids a security vulnerability. Please do not patch
+it out. We will not support versions of ikiwiki that have been modified in this way.
+
+(In particular, if your wiki has more than one committer, then the other committers
+can use symbolic links to leak the contents of any file that is readable by
+the wiki.)
+
+If you want to store a separate assets directory, I would recommend using an
+underlay directory. You can use git-annex for this if it is placed in direct mode.
+
+I do want to support git-annex and some limited/safe subset of symlinks in
+ikiwiki, but not until we can do that without introducing a security flaw.
+"""]]
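Review bot: the paragraph recommending an underlay directory says git-annex can be used "if it is placed in direct mode" but does not say why that mode is the condition; a short clause tying it back to the symlink check from the first paragraph would tell readers what the constraint is and make it less likely that someone works around it by removing the check. Separately, the avatar attribute references http://cdn.libravatar.org over plain HTTP, which a wiki served over HTTPS would load as mixed content; an https URL would be preferable if that field can be changed.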