From c49af80ab38f71abcbe9887dde4b76d462595f4a Mon Sep 17 00:00:00 2001 From: joey Date: Sun, 22 Oct 2006 21:12:21 +0000 Subject: [PATCH] some notes about the security (or lack thereof) of plugins --- doc/security.mdwn | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/security.mdwn b/doc/security.mdwn index fea0eb727..723c01863 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -158,6 +158,20 @@ allowed, so that's not a problem.) ---- +# Plugins + +The security of [[plugins]] depends on how well they're written and what +external tools they use. The plugins included in ikiwiki are all held to +the same standards as the rest of ikiwiki, but with that said, here are +some security notes for them. + +* The [[plugins/img]] plugin assumes that imagemagick/perlmagick are secure + from malformed image attacks. Imagemagick has had security holes in the + past. To be able to exploit such a hole, a user would need to be able to + upload images to the wiki. + +---- + # Fixed holes _(Unless otherwise noted, these were discovered and immediately fixed by the -- 2.26.2