On Wed, 27 Mar 2013 00:19:53 -0700, Brian Wolff <bawo...@gmail.com> wrote:
> Note, using directory names that can be pre-determined in a public
> /tmp directory is a bit dangerous in a shared server. Another user
> could make the directory, put something malicious in it (for example
> an evil post-merge hook), and then have your script use the malicious
> data. One way around that could be to add the $wgSecretKey (and some
> salt) to the variables that generate the hash that becomes the
> directory name.

Please don't. I've been trying to slowly move us away from depending on wgSecretKey's secrecy for security. Eventually I hope to try and eliminate dependence on it from extensions too. And in an ideal case, eventually stop setting it in the installer (unless you have an edge case where a little more entropy for CryptRand could be useful; or maybe not, I need to double check which case that was, but it might not even exist anymore with our version requirements).

I see people over and over asking for help and inadvertently handing that information which is supposed to remain secret right over in public.

Instead of trying to make the paths a secret, just don't put that data inside of public /tmp directories. I recommend setting your git directory config to false and in an extension setup function set it to some path based on the upload directory. This is basically what we used to do with $wgTmpDirectory which was used by CACHE_DBA.

> Cheers,
> bawolff
>
> p.s. if any of that was confusing or unclear, please let me know.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]


_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
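
The risk and the recommendation discussed in this thread, as an added example that is not part of either message and is not MediaWiki's own code: a helper that creates the working directory under a base path only the wiki controls, and refuses a pre-existing directory it cannot trust. The function name `ensurePrivateDir`, the directory names and the setting `$wgExampleGitCacheDir` are hypothetical; the code assumes a POSIX system with PHP's posix extension.

```php
<?php
/**
 * Return a private directory under $base (for example the wiki's upload
 * directory), creating it if needed. Throws if the path cannot be trusted.
 */
function ensurePrivateDir( string $base, string $name ): string {
	$dir = rtrim( $base, '/' ) . '/' . $name;

	// mkdir() fails if anything already exists at $dir, so success means
	// this process created the directory itself.
	if ( !@mkdir( $dir, 0700 ) ) {
		clearstatcache( true, $dir );
		// Something was already there: accept it only if it is a real
		// directory (not a symlink), owned by us and closed to other users.
		if ( is_link( $dir ) || !is_dir( $dir ) ) {
			throw new RuntimeException( "$dir is not a plain directory" );
		}
		if ( fileowner( $dir ) !== posix_geteuid() ) {
			throw new RuntimeException( "$dir is owned by another user" );
		}
		if ( fileperms( $dir ) & 0022 ) {
			throw new RuntimeException( "$dir is group- or world-writable" );
		}
	}
	return $dir;
}

// Inside MediaWiki this would run from an extension setup function, e.g.
// (hypothetical setting name):
//   $wgExtensionFunctions[] = function () {
//       global $wgUploadDirectory, $wgExampleGitCacheDir;
//       $wgExampleGitCacheDir = ensurePrivateDir( $wgUploadDirectory, 'gitcache' );
//   };

// Constructed demo: a throwaway base stands in for the upload directory.
$base = __DIR__ . '/demo-uploads';
@mkdir( $base, 0755 );
echo ensurePrivateDir( $base, 'gitcache' ), "\n";

// A directory that other users can write into is rejected.
@mkdir( "$base/loose" );
chmod( "$base/loose", 0777 );
try {
	ensurePrivateDir( $base, 'loose' );
} catch ( RuntimeException $e ) {
	echo 'rejected: ', $e->getMessage(), "\n";
}
```

The ownership and mode checks matter most when the base directory is writable by other accounts; a base that only the web server user can write to removes the pre-creation problem at its source.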