Hi folks! Having just mentioned the insecurity of my IncludeUpload recipe, I'd appreciate some help in actually making it secure. It's secure enough if one can trust the people who have edit permission, but if it's an open wiki, it is Bad News.
There are a few issues I'm aware of:

1. the command to do text-to-html conversion is a `command`, which isn't secure, since someone could pass in arguments which would turn it into `command arg;rm -rf /*` or the like. With Perl, there are things like taint. I don't know what the equivalent is in PHP.

2. Files stored in pmwiki/uploads are not checked to see whether the user has read permission on them. I'm not sure how one actually defines "read permission" for uploaded files, since PmWiki puts permissions on wiki pages, and it isn't clear how one would determine to which page a particular uploaded file "belongs", in order to see if the user is allowed to read the uploaded file. Presumably PmWiki does some sort of check when secure uploads are turned on, but I don't know how or where that's done.

3. Files stored under $DOCUMENT_ROOT do not check Apache permissions, they just go straight to the filesystem, which means that if the file is readable by Apache, then it's readable by anyone. I don't know how to check for this.

Any suggestions?

Kathryn Andersen
--
Kathryn Andersen <http://www.katspace.com>
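An added example for issue 1 above, not part of the original message and not code from the IncludeUpload recipe: the unsafe way of building the conversion command beside a hardened form that validates the file name and quotes it with PHP's built-in `escapeshellarg()`. The converter path, the demo directory and both function names are assumptions.

```php
<?php
// Added example; not code from the IncludeUpload recipe.
// Converter path, directory and function names are assumptions.

// Unsafe pattern: the name from page markup is pasted into a shell string,
// so the shell treats ";" as a command separator.
function build_cmd_unsafe($converter, $name) {
    return "$converter $name";
}

// Hardened: resolve the name, require the result to be a regular file
// inside the uploads root, then quote it as one shell word.
function build_cmd_safe($converter, $root, $name) {
    $rootReal = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($rootReal === false || $path === false) {
        return false;                      // root or file does not exist
    }
    if (strpos($path, $rootReal . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return false;                      // "../" or a symlink left the root
    }
    // $path is absolute, so it cannot start with "-" and be read as an option.
    return escapeshellarg($converter) . ' ' . escapeshellarg($path);
}

// Constructed demo: a throwaway uploads directory holding one text file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . getmypid();
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'notes.txt', "hello\n");

$converter = '/usr/bin/txt2html';          // hypothetical; set by the admin only
$hostile   = 'notes.txt;rm -rf /*';        // the input quoted in the message

echo "unsafe string: ", build_cmd_unsafe($converter, $hostile), "\n";

// The hostile and traversal names fail validation; the plain name is quoted.
var_dump(build_cmd_safe($converter, $root, $hostile));
var_dump(build_cmd_safe($converter, $root, '../../etc/passwd'));
echo "safe string:   ", build_cmd_safe($converter, $root, 'notes.txt'), "\n";
// Only a non-false result would ever be handed to shell_exec().

unlink($root . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($root);
```

The containment check only confirms that the file sits under the uploads root; it does not decide whether the current user may read it, which is the separate question raised in issues 2 and 3.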
