From 827bd1d99027b845cb2fbc9f87200b5316f449c6 Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawngqGADV9fidHK5qabIzKN0bx1ZIfvaTqs" Date: Sun, 12 Sep 2010 22:48:49 +0000 Subject: [PATCH] --- doc/bugs/ikiwiki_ignores_PATH_environment.mdwn | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn index 5097acaef..992ea0a2a 100644 --- a/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn +++ b/doc/bugs/ikiwiki_ignores_PATH_environment.mdwn @@ -16,3 +16,5 @@ This makes it a little hard to specify which specific binaries should be used, e > The ikiwiki script's own sanitization of PATH was done to make perl taint > checking happy, but as taint checking is disabled anyway, I have removed > that. [[done]] --[[Joey]] + +Question: Do ikiwiki.cgi and the RCS post-commit script sanitize the $PATH separately from bin/ikiwiki? If not, then bin/ikiwiki is probably right to sanitize the $PATH; otherwise you've created a security hole with access to the account that ikiwiki is SUID to. It'd be nice if /opt/local/bin were earlier in the $PATH, but that can be changed (as noted) in the setup file. [[Glenn|geychaner@mac.com]] -- 2.39.5