security update
parent
bfa96ad282
commit
2c64a9f6f1
|
@ -10,21 +10,6 @@ to be kept in mind.
|
||||||
|
|
||||||
# Probable holes
|
# Probable holes
|
||||||
|
|
||||||
## XSS holes in CGI output
|
|
||||||
|
|
||||||
ikiwiki has not yet been audited to ensure that all cgi script input/output is
|
|
||||||
sanitised to prevent XSS attacks.
|
|
||||||
|
|
||||||
## image file etc attacks
|
|
||||||
|
|
||||||
If it enounters a file type it does not understand, ikiwiki just copies it
|
|
||||||
into place. So if you let users add any kind of file they like, they can
|
|
||||||
upload images, movies, windows executables, css files, etc (though not html
|
|
||||||
files). If these files exploit security holes in the browser of someone
|
|
||||||
who's viewing the wiki, that can be a security problem.
|
|
||||||
|
|
||||||
Of course nobody else seems to worry about this in other wikis, so should we?
|
|
||||||
|
|
||||||
## svn commit logs
|
## svn commit logs
|
||||||
|
|
||||||
Anyone with svn commit access can forge "web commit from foo" and make it
|
Anyone with svn commit access can forge "web commit from foo" and make it
|
||||||
|
@ -43,6 +28,22 @@ ikiwiki escapes any html in svn commit logs to prevent other mischief.
|
||||||
|
|
||||||
_(Things not to do.)_
|
_(Things not to do.)_
|
||||||
|
|
||||||
|
## image file etc attacks
|
||||||
|
|
||||||
|
If it enounters a file type it does not understand, ikiwiki just copies it
|
||||||
|
into place. So if you let users add any kind of file they like, they can
|
||||||
|
upload images, movies, windows executables, css files, etc (though not html
|
||||||
|
files). If these files exploit security holes in the browser of someone
|
||||||
|
who's viewing the wiki, that can be a security problem.
|
||||||
|
|
||||||
|
Of course nobody else seems to worry about this in other wikis, so should we?
|
||||||
|
|
||||||
|
Currently only people with direct svn commit access can upload such files
|
||||||
|
(and if you wanted to you could block that with a svn pre-commit hook).
|
||||||
|
Wsers with only web commit access are limited to editing pages as ikiwiki
|
||||||
|
doesn't support file uploads from browsers (yet), so they can't exploit
|
||||||
|
this.
|
||||||
|
|
||||||
## multiple accessors of wiki directory
|
## multiple accessors of wiki directory
|
||||||
|
|
||||||
If multiple people can write to the source directory ikiwiki is using, or
|
If multiple people can write to the source directory ikiwiki is using, or
|
||||||
|
@ -130,6 +131,15 @@ Login to the wiki involves sending a password in cleartext over the net.
|
||||||
Cracking the password only allows editing the wiki as that user though.
|
Cracking the password only allows editing the wiki as that user though.
|
||||||
If you care, you can use https, I suppose.
|
If you care, you can use https, I suppose.
|
||||||
|
|
||||||
|
## XSS holes in CGI output
|
||||||
|
|
||||||
|
ikiwiki has not yet been audited to ensure that all cgi script input/output
|
||||||
|
is sanitised to prevent XSS attacks. For example, a user can't register
|
||||||
|
with a username containing html code (anymore).
|
||||||
|
|
||||||
|
It's difficult to know for sure if all such avenues have really been
|
||||||
|
closed though.
|
||||||
|
|
||||||
----
|
----
|
||||||
|
|
||||||
# Fixed holes
|
# Fixed holes
|
||||||
|
|
Loading…
Reference in New Issue