projects
/
ikiwiki.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
bfe0d3f
)
update
author
joey
<joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 28 Aug 2006 04:35:49 +0000
(
04:35
+0000)
committer
joey
<joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Mon, 28 Aug 2006 04:35:49 +0000
(
04:35
+0000)
doc/security.mdwn
patch
|
blob
|
history
diff --git
a/doc/security.mdwn
b/doc/security.mdwn
index 9d7702dde3a09053fb09c27a9553a8829f4068e6..5cc35b33866d31892b5c16f3ad932fa8770e27ce 100644
(file)
--- a/
doc/security.mdwn
+++ b/
doc/security.mdwn
@@
-256,3
+256,10
@@
seem to affect our use, since the data is not encoded as utf-8 at that
point. #[378412](http://bugs.debian.org/378412) could affect us, although it
doesn't seem very exploitable. It has a simple fix, and has been fixed in
Debian unstable.
+
+## include loops
+
+Various directives that cause one page to be included into another could
+be exploited to DOS the wiki, by causing a loop. Ikiwiki has always guarded
+against this one way or another; the current solution should detect all
+types of loops involving preprocessor directives.