add security review from Remy Blank

1 parent 0e80b75 commit 263707091446e59dd6722ef218b02ed33caaea10 @ejucovy ejucovy committed Aug 16, 2012
Showing with 22 additions and 3 deletions.
  1. +22 −3 README.txt
@@ -11,9 +11,28 @@ Your templates will have access to the request as ``req``, which can be
useful for tasks like URL generation, rendering form tokens for POST
requests, and checking for a logged-in user.
-'''Note: no security considerations whatsoever went into the making of
-this plugin. It might be a terrible idea. If you happen to know that
-it is, please let me know.'''
+Note: no security considerations whatsoever went into the making of
+this plugin. It might be a terrible idea. Trac core dev Remy Blank
+said:
+
+> Genshi templates allow executing arbitrary Python code. So you basically
+> give users who can insert the macro anywhere (wiki page, ticket comment,
+> etc) permission to act as the user running Trac, including running run
+> any shell command.
+>
+{{{#!Genshi
+<div>${open('/etc/apache2/htpasswd').read()}</div>
+}}}
+
+{{{#!Genshi
+<?python
+ import os
+ os.system("rm /path/to/env/db/trac.db")
+?>
+}}}
+>
+> So my advice is, only enable this macro on sites where you trust *all*
+> users who can edit *any* wiki text with the web server's account.
Configuration and Usage
-----------------------
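Review bot: the rewritten Note at the top of the hunk still opens with "no security considerations whatsoever went into the making of this plugin", which understates the consequence the quoted review then spells out: anyone who can insert the macro gets to "act as the user running Trac, including running any shell command". Consider stating that consequence in the first sentence of the Note and carrying the trust requirement from the last quoted lines ("only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account") into the plugin's own voice, so a reader skimming README.txt sees the deployment condition before the examples. Also, the two `{{{#!Genshi` example blocks sit outside the `>` quotation while the sentences around them are quoted, so it is unclear whether they are part of Remy Blank's message or the author's own additions; either prefix them with `>` as well or introduce them with a sentence that says whose examples they are. Finally, the quoted sentence "including running run any shell command" has a duplicated verb; since it is quoted, either fix it with the reviewer's agreement or mark it [sic].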
