From: Joey Hess Date: Sun, 12 Sep 2010 22:53:40 +0000 (-0400) Subject: Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info X-Git-Tag: 3.20100915~18 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/32a12f83f403ca5e1e2bfdb769b73141fab7f603?hp=62c2fdbb257720cdbb79415437a3a312e5277ce6 Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info --- diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 1cf99d826..6781d4b4b 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -18,3 +18,7 @@ This makes it a little hard to specify which specific binaries should be used, e > that. [[done]] --[[Joey]] Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] (Also the person who started this by filing an issue with MacPorts; I'm experimenting with ikiwiki for collaborative documentation.) + +> The suid wrappers remove all environment variables except for a few used +> for CGI. PATH is not propigated by them, so when they run ikiwiki it will +> get the system's default path now. --[[Joey]]