urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

404 automatically loads goto

master
Joey Hess 2011-06-08 15:31:16 -04:00
parent 38021b0a59
commit 541ae52617
3 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/ikiwiki-mass-rebuild.mdwn
View File

@ -9,7 +9,10 @@ ikiwiki-mass-rebuild
# DESCRIPTION
`ikiwiki-mass-rebuild` can be used to force a rebuild of all the wikis
on a system. You will need to list the setup files for the wikis it should
on a system (when run as root), or all of a user's wikis (when run as
non-root).
You will need to list the setup files for the wikis it should
build in the file `/etc/ikiwiki/wikilist`, which has the format:
user /path/to/ikiwiki.setup

2
doc/plugins/404.mdwn
View File

@ -7,7 +7,7 @@ nonexistent page provides you with a link to create it.
To enable the 404 handler you need to:
1. Edit your `.setup` file and add `404` and `goto` to the `add_plugins` line.
1. Edit your `.setup` file and add `404` to the `add_plugins` line.
2. Add a 404 error document handler in your Apache configuration:
`ErrorDocument 404 /url/path/to/ikiwiki.cgi`

17
doc/security.mdwn
View File

@ -471,6 +471,19 @@ who could upload a malicious stylesheet to a site to add it to a
page as an alternate stylesheet, or replacing the default stylesheet.
This hole was discovered on 28 Mar 2011 and fixed the same hour with
the release of ikiwiki 3.20110328. An upgrade is recommended for sites
that have untrusted committers, or have the attachments plugin enabled.
the release of ikiwiki 3.20110328. A fix was backported to Debian squeeze,
as version 3.20100815.6. An upgrade is recommended for sites that have
untrusted committers, or have the attachments plugin enabled.
([[!cve CVE-2011-1401]])
## tty hijacking via ikiwiki-mass-rebuild
Ludwig Nussel discovered a way for users to hijack root's tty when
ikiwiki-mass-rebuild was run. Additionally, there was some potential
for information disclosure via symlinks.
This hole was disconvered on 8 June 2011 and fixed the same day with
the release of ikiwiki 3.20110608. Note that the fix is dependant on
a su that has a similar hole fixed; [[!debbug 628843]] tracks fixing
the hole in Debian's su. An upgrade is a must for any sites whose
admins run ikiwiki-mass-rebuild.