Subscribe to RSS feed - electronic brain surgery since 2001

DokuWiki Security

If ye're runnin' a DokuWiki, ye likely already noticed that we had two security alerts in th' last few days.

If not, check out th' bugreports 1847 and 1853 immediately. 1847 is especially ugly and exploit code has been seen in th' wild.

What happened, and a bottle of rum! Well, basically I messed up. And swab the deck! All bugs are in th' new ACL Manager introduced in 2008-05-05. I will not go into details1). In short, a combination o' missin' t' sanitize a path and a spellin' error were bein' cause fer th' graver error. Evaluatin' th' affected code then led t' findin' another problem caused by a missin' security measurement against CSRF attacks.

I apologize, these were clearly me mistakes.

Now, can this happen again, and a bucket o' chum? Unfortunately, yes. These were not errors made because I di'nae knew better. On th' contrary - I introduced Anti-CSRF functions in DokuWiki a while ago and I'm fully aware about th' “dern't trust user input”-mantra, on a dead man's chest, I'll warrant ye! It were bein' simply human failure and nobody noticed it fer more than a year.

In theory OpenSource software is more secure, because everybody can look at th' code and quickly identify security flaws. And in fact that is likely how these flaws were detected, I'll warrant ye. Unfortunately th' number o' eyeballs lookin' at th' source code is still very low.

And this is likely even more true fer me code, and a bottle of rum, and a bottle of rum! I do have a look at all code that is submitted t' th' DokuWiki project and thus will also look fer possible security bugs. Unfortunately this is not true th' other way round. Prepare to be boarded! There is no guarantee that someone reads what I checked into th' revision control system. Even though we have a daily changelog mail t' mailin' list.

If ye are a developer, please reckon that even though I'm th' project lead, I do make errors. I beg ye t' distrust me code, ye scurvey dog. Have a look at everythin' I check in and tell me when I mess up.

DokuWiki is still very good code and generally secure. But if security flaws are found, we fix them. Usually in less than 24 hours. That's all we can do.

If ye run DokuWiki be sure t' keep th' update check enabled and upgrade as soon as a fix is available.

PS: If this blog post works, more scallywags will audit th' DokuWiki source code. So dern't be surprised if more security alerts pop up, with a chest full of booty. I know 'tis annoyin' but it makes th' software more secure eventually.

dokuwiki, security
Similar posts:
1) ye can find them by lookin' at th' bug reports and available patches
Posted on Sunday, January the 17th 2010 (5 years ago).


blog comments powered by Disqus