From 25ba5d260cf2632ec1a09645c76784b784de58b7 Mon Sep 17 00:00:00 2001 From: smcv Date: Fri, 26 May 2017 02:20:23 -0400 Subject: [PATCH] Added a comment: Please do not patch out the symlink check --- ..._84b6b804bdea2fc090d7ace65dcdaeb8._comment | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment diff --git a/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment new file mode 100644 index 000000000..e86011003 --- /dev/null +++ b/doc/forum/An_assets_directory_for_my_wiki_with_git_lfs_or_annex__63__/comment_2_84b6b804bdea2fc090d7ace65dcdaeb8._comment @@ -0,0 +1,19 @@ +[[!comment format=mdwn + username="smcv" + avatar="http://cdn.libravatar.org/avatar/0ee943fe632ff995f6f0f25b7167d03b" + subject="Please do not patch out the symlink check" + date="2017-05-26T06:20:22Z" + content=""" +The check for symbolic links avoids a security vulnerability. Please do not patch +it out. We will not support versions of ikiwiki that have been modified in this way. + +(In particular, if your wiki has more than one committer, then the other committers +can use symbolic links to leak the contents of any file that is readable by +the wiki.) + +If you want to store a separate assets directory, I would recommend using an +underlay directory. You can use git-annex for this if it is placed in direct mode. + +I do want to support git-annex and some limited/safe subset of symlinks in +ikiwiki, but not until we can do that without introducing a security flaw. +"""]]
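Review bot: The third paragraph of the added comment recommends "an underlay directory" and git-annex "in direct mode" without linking to any documentation for either, so a reader who was about to patch out the symlink check has no concrete alternative to follow. Consider adding a wiki link to the underlay documentation at that point. Separately, the `avatar=` line uses an `http://` URL, which will be fetched in cleartext and may trigger mixed-content blocking when the forum page is served over HTTPS; an `https://` URL would avoid that.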