From: smcv Date: Wed, 22 Jun 2016 08:05:32 +0000 (-0400) Subject: yes, not committing the setup file to the same VCS is a security thing X-Git-Tag: debian/3.20160728~16 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/ec371adab1109b338a3de473298b41140ec5017e?ds=inline yes, not committing the setup file to the same VCS is a security thing --- diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn index 4d009f20d..6fc931ad3 100644 --- a/doc/setup/byhand/discussion.mdwn +++ b/doc/setup/byhand/discussion.mdwn @@ -13,3 +13,8 @@ The page says *"Note that this file should **not** be put in your wiki's directo One possible thing is security: Is it just a precaution or would anyone with "write" access to wiki be able to replace the file? --[[Martian]] + +> Anyone with the ability to delete/replace attachments via the web UI, or the ability +> to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's +> security model, because replacing the setup file is sufficient to achieve +> arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]]