yes, not committing the setup file to the same VCS is a security thing

author smcv <smcv@web>

Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)

committer admin <admin@branchable.com>

Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)
author smcv <smcv@web>
Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)
committer admin <admin@branchable.com>
Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)
diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn

index 4d009f20d75a2592574dc839a6160fca64e710f2..6fc931ad3b5b8e04c2d1a79db50eaa42ef50bb25 100644 (file)
--- a/doc/setup/byhand/discussion.mdwn
+++ b/doc/setup/byhand/discussion.mdwn
@@ -13,3 +13,8 @@ The page says *"Note that this file should **not** be put in your wiki's directo
  One possible thing is security: Is it just a precaution or would anyone with "write" access to wiki be able to replace the file?
  
   --[[Martian]]
+
+> Anyone with the ability to delete/replace attachments via the web UI, or the ability
+> to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's
+> security model, because replacing the setup file is sufficient to achieve
+> arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]]
author	smcv <smcv@web>
	Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)
committer	admin <admin@branchable.com>
	Wed, 22 Jun 2016 08:05:32 +0000 (04:05 -0400)