web commit from 66.118.98.137:

master
www-data 2006-03-11 06:02:51 +00:00
parent 8440a771c1
commit dce2ce40e8
1 changed files with 4 additions and 0 deletions

@ -92,3 +92,7 @@ to the html pages, etc.
If the wrapper script is made suid, then any bugs in this wrapper would be
security holes. The wrapper is written as securely as I know how, is based on code that has a history of security use long before ikiwiki, and there's been no problem yet.
## shell exploits
ikiwiki does not expose untrusted data to the shell. In fact it doesn't use system() at all, and the only use of backticks is on data supplied by the wiki admin. And it runs with taint checks on of course..
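Review bot: In the added "shell exploits" paragraph, the claim that backticks are only used "on data supplied by the wiki admin" leaves the trust boundary implicit. State outright that the admin's configuration is treated as trusted input, which matters given the suid wrapper discussed in the context lines just above. The last sentence ends with a doubled period ("of course.."). That sentence could also note that taint checking only protects as far as the untainting patterns are strict, so that "taint checks on" is not read as a complete guarantee.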