[clug] CLUG Wiki
Alex Satrapa
grail at goldweb.com.au
Wed Jan 5 03:41:40 GMT 2005
On 5 Jan 2005, at 13:22, Nigel Cunningham wrote:
> Perhaps I'm just an ignoramus (you can't know everything!), but I
> thought those issues were dealt with.
They were. The "did not behave well publicly" part is actually due to
the "security researcher" who publicly announced the vulnerabilities
two days after trying to contact the TWiki authors, without waiting for
the TWiki authors to contact all registered TWiki users. Said
"researcher" then went on to badmouth TWiki and its authors. I guess
Steve listened.
http://twiki.org/p/pub/Codev/SecurityAlertExecuteCommandsWithSearch/advisory-facts.txt
So yes, TWiki suffers from unforgivably poor coding practices
(bypassing Taint checking with a match-all regex) and lazy programmers
attending to some portions. Have you reviewed all the source code for
your chosen wiki?
Alex
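The "bypassing taint checking with a match-all regex" pattern Alex mentions, as an added generic Perl illustration (not TWiki's code and not from the advisory): under perl -T, any value captured from a regex is considered untainted, so `/(.*)/` launders arbitrary input without validating it. The sample input, the whitelist character class, the search helper and the grep path are all assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Generic illustration of regex-based untainting under perl's taint mode.
# Not TWiki code; input, paths and the whitelist are example assumptions.
use strict;
use warnings;

# Taint mode refuses to run external commands unless %ENV is sanitised.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample input standing in for a CGI parameter; anything read
# from %ENV, STDIN or a socket is tainted under -T.
my $search = defined $ENV{SEARCH} ? $ENV{SEARCH} : 'foo; rm -rf /';

# BAD: a capture group clears the taint flag, so /(.*)/ "untaints" without
# checking a single character. perl -T will now happily let $laundered
# reach a shell, which is exactly what taint mode exists to prevent.
my ($laundered) = $search =~ /^(.*)$/s;

# GOOD: admit only the characters the feature actually needs (assumed
# whitelist) and reject everything else outright.
sub untaint_search {
    my ($s) = @_;
    return undef unless defined $s && length $s > 0 && length $s <= 64;
    return $1 if $s =~ /^([A-Za-z0-9 _.-]+)$/;
    return undef;
}

# Even a whitelisted value should not be interpolated into a shell command.
# The list form of system() execs the program directly, so no /bin/sh ever
# sees the argument and shell metacharacters are never interpreted.
sub run_grep {
    my ($term, $dir) = @_;                    # $dir is an assumed data path
    my @cmd = ('grep', '-r', '--', $term, $dir);
    return system(@cmd);
}

my $safe = untaint_search($search);
if (defined $safe) {
    print "accepted search term: $safe\n";
    run_grep($safe, '/var/www/wiki/data');   # assumed path, may not exist
} else {
    print "rejected search term: contains characters outside the whitelist\n";
}
```

Run it as `perl -T script.pl` (the shebang alone is "too late" when perl is invoked explicitly without -T). With the constructed default input the whitelist rejects the string because of the `;` and `/`; with `SEARCH=foo` it is accepted and grep is invoked without a shell. The match-all untaint on `$laundered` is left in deliberately to show that taint mode raises no objection to it.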