web commit from 66.118.98.137:

[ikiwiki.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index a3e38721831b5ffbff497fe2cda00876da3ef17a..42795b63eaf8966f0307a7871db6cdfe36b7997f 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -83,12 +83,16 @@ ikiwiki does not allow cgi scripts to be published as part of the wiki. Or
 rather, the script is published, but it's not marked executable, so
 hopefully your web server will not run it.
 
 rather, the script is published, but it's not marked executable, so
 hopefully your web server will not run it.
 

-## --gen-wrapper might generate insecure wrappers
+## suid wrappers

 
 

-ikiwiki --gen-wrapper is intended to generate a wrapper program that
+ikiwiki --wrapper is intended to generate a wrapper program that

 runs ikiwiki to update a given wiki. The wrapper can in turn be made suid,
 for example to be used in a [[post-commit]] hook by people who cannot write
 to the html pages, etc.
 
 If the wrapper script is made suid, then any bugs in this wrapper would be
 security holes. The wrapper is written as securely as I know how, is based on code that has a history of security use long before ikiwiki, and there's been no problem yet.
 runs ikiwiki to update a given wiki. The wrapper can in turn be made suid,
 for example to be used in a [[post-commit]] hook by people who cannot write
 to the html pages, etc.
 
 If the wrapper script is made suid, then any bugs in this wrapper would be
 security holes. The wrapper is written as securely as I know how, is based on code that has a history of security use long before ikiwiki, and there's been no problem yet.

+
+## shell exploits
+
+ikiwiki does not expose untrusted data to the shell. In fact it doesn't use system() at all, and the only use of backticks is on data supplied by the wiki admin. And it runs with taint checks on of course..
\ No newline at end of file