Commit Graph

19730 Commits (4729ff0812c1f3d06d98524e2fec232d3bf90513)

Author SHA1 Message Date
Simon McVittie 4729ff0812 Exclude working directory from library path (CVE-2016-1238)
Current Perl versions put '.' at the end of the library search path
@INC, although this will be fixed in a future Perl release. This means
that when software loads an optionally-present module, it will be
looked for in the current working directory before giving up. An
attacker could use this to execute arbitrary Perl code from ikiwiki's
current working directory.

Removing '.' from the library search path in Perl is the correct
fix for this vulnerability, but is not trivial to do due to
backwards-compatibility concerns. Mitigate this (even if ikiwiki is run
with a vulnerable Perl version) by explicitly removing '.' from the
search path, and instead looking for ikiwiki's own modules relative
to the absolute path of the executable when run from the source
directory.

In tests that specifically want to use the current working directory,
use "-I".getcwd instead of "-I." so we use its absolute path, which
is immune to the removal of ".".
2016-07-28 09:50:21 +01:00
Joey Hess a6c453606e Revert strange translation of this page to French 2016-07-25 10:44:29 -04:00
https://me.yahoo.com/acidburn095#b6c38 14909f1d51 2016-07-25 01:39:21 -04:00
https://me.yahoo.com/acidburn095#b6c38 9427f79f97 2016-07-25 01:17:02 -04:00
Martian 1c7b7949dd Everyone is using comments here... let's go with the crowd 2016-06-30 06:43:36 -04:00
Martian 3642e56aad Added a comment: Using multiple setup files 2016-06-30 06:42:47 -04:00
Martian 0fa4c7296a Add todo/multiple setup option on command line 2016-06-30 06:28:40 -04:00
Martian 09deb9408a Add information about multiple setup options. 2016-06-30 06:22:59 -04:00
sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41 1e992c2c98 2016-06-26 14:57:52 -04:00
sydbarrett74@c9d10813594795e04bc80bb22b2efdec97df7f41 7f4507c4d0 wkhtmltopdf project has moved off of Google Code onto a dedicated site 2016-06-26 14:18:52 -04:00
Joey Hess 955b5cea5a update 2016-06-23 16:39:36 -04:00
Martian 4f89d1f3cb 2016-06-22 11:35:48 -04:00
Martian 75438e12e5 apache on fedora and suid bit 2016-06-22 09:10:23 -04:00
smcv ec371adab1 yes, not committing the setup file to the same VCS is a security thing 2016-06-22 04:05:32 -04:00
Martian d4c7df992e Why not putting setup file in git? 2016-06-22 03:42:21 -04:00
https://me.yahoo.com/zoredache#d4929 58bede17b5 Added a comment 2016-06-20 15:38:41 -04:00
rsayers 9e485bf184 2016-06-16 13:15:26 -04:00
spalax 81c57fe69f Link to a work-in-progress plugin 2016-06-14 11:37:44 -04:00
spalax c9160ae83c Added a comment: More thought about the `pageversion` plugin 2016-06-14 11:36:33 -04:00
smcv 183c2f2590 Added a comment: more info required 2016-06-11 08:17:14 -04:00
smcv 3e18500c38 Added a comment 2016-06-11 08:14:21 -04:00
spalax 0cc9af205d Added a comment: More information 2016-06-10 14:58:09 -04:00
https://me.yahoo.com/zoredache#d4929 46eb10fcf6 2016-06-09 16:02:10 -04:00
https://me.yahoo.com/zoredache#d4929 142d8b7a79 2016-06-09 16:01:52 -04:00
aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f f8870b5af7 new user: www.s4-ausbau.de 2016-06-09 16:00:12 -04:00
smcv bfc5f06451 Added a comment: I'm not so sure that copying metadata is desirable 2016-06-09 11:09:30 -04:00
spalax eb5c293167 Questions about a new plugin 2016-06-07 16:20:12 -04:00
http://schmonz.livejournal.com/ 7615617680 Added a comment: cool! 2016-06-07 11:14:02 -04:00
openmedi 3c7c04e6a7 Added a comment 2016-06-07 09:55:29 -04:00
http://schmonz.livejournal.com/ 3ebba4b951 Added a comment: ok 2016-06-07 08:39:43 -04:00
openmedi 169abcd043 Added a comment 2016-06-07 07:23:43 -04:00
openmedi 053284fcc7 Added a comment 2016-06-07 07:19:48 -04:00
spalax 9da882c776 Add required packages 2016-06-07 02:26:23 -04:00
http://schmonz.livejournal.com/ 1167651861 Added a comment: what didn't work with pkgsrc? 2016-06-06 08:17:22 -04:00
openmedi 7396d8c612 Added a comment 2016-06-06 07:08:45 -04:00
spalax 5e6f933874 Update plugins/contrib/compile documentation 2016-06-05 17:08:25 -04:00
aba+ikiwiki.info@2ec203a94961ba06ccb7743367b979cd57712b9f 7ff8222802 2016-06-05 15:44:42 -04:00
https://id.koumbit.net/anarcat 720c83eff8 refer to openid delegation 2016-06-03 18:54:46 -04:00
smcv 59526a5aa0 Added a comment 2016-06-03 02:26:03 -04:00
Joey Hess 04f17b382f Merge branch 'master' of ssh://git.ikiwiki.info 2016-06-03 01:37:01 -04:00
Joey Hess d9d61a5360 add freedombox as a kind of ikiwiki hosting service 2016-06-03 01:35:15 -04:00
http://schmonz.livejournal.com/ 43785417d0 Added a comment: why not keep using pkgsrc? 2016-06-02 21:53:24 -04:00
openmedi 747fd23df4 Added a comment 2016-06-02 14:18:40 -04:00
openmedi ab78d65638 2016-06-02 13:58:07 -04:00
spalax a3f48a1106 More about security 2016-05-31 16:49:26 -04:00
spalax 182a2ad992 More thought about "bibtex2html" and "compile" 2016-05-31 16:39:17 -04:00
https://id.koumbit.net/anarcat ef292879d4 link to discussion 2016-05-31 15:39:43 -04:00
https://id.koumbit.net/anarcat e1349b74e4 expand on the exec idea 2016-05-31 15:38:34 -04:00
Joey Hess d9bfe760d1 improve warning message for multiple sources for page 2016-05-31 15:29:09 -04:00
smcv d60c829475 a list of arbitrary shell delegates, what could possibly go wrong? 2016-05-31 14:51:28 -04:00