On Wed, 27 Mar 2013 00:19:53 -0700, Brian Wolff <bawolff(a)gmail.com> wrote:
Note, using directory names that can be pre-determined in a public
/tmp directory is a bit dangerous in a shared server. Another user
could make the directory, put something malicious in it (for example
an evil post-merge hook), and then have your script use the malicious
data. One way around that could be to add the $wgSecretKey (and some
salt) to the variables that generate the hash that becomes the
directory name.
Please don't. I've been trying to slowly move us away from depending on
wgSecretKey's secrecy for security. Eventually I hope to try and eliminate
dependence on it from extensions too. And in an ideal case, eventually
stop setting it in the installer (unless you have an edge case where a
little more entropy for CryptRand could be useful; or maybe not, I need to
double check which case that was, but it might not even exist anymore with
our version requirements).
I see people over and over asking for help and inadvertently handing that
information which is supposed to remain secret right over in public.
Instead of trying to make the paths a secret just don't put that data
inside of public /tmp directories.
I recommend setting your git directory config to false and in an extension
setup function set it to some path based on the upload directory.
This is basically what we used to do with $wgTmpDirectory which was used
by CACHE_DBA.
Cheers,
bawolff
p.s. if any of that was confusing or unclear, please let me know.
--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]
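
Added example, not part of the original message and not MediaWiki or extension code: one way to follow the recommendation above, deriving the working directory from the upload directory in a setup function and refusing a directory that another local user could have planted. `$wgExampleGitDir` and `examplePrivateWorkDir()` are hypothetical names; `$wgUploadDirectory` and `$wgExtensionFunctions` are MediaWiki globals.

```php
<?php
/**
 * Return a private working directory under $base, creating it if needed.
 * Hypothetical helper: rejects symlinks, directories owned by another
 * user, and directories that group or others can write to.
 */
function examplePrivateWorkDir( string $base, string $name = 'example-git-work' ): string {
    $dir = rtrim( $base, '/' ) . '/' . $name;

    // Create with owner-only permissions; an existing path is checked below
    // instead of being trusted.
    if ( !@mkdir( $dir, 0700 ) && !is_dir( $dir ) ) {
        throw new RuntimeException( "Cannot create $dir" );
    }

    clearstatcache( true, $dir );
    $st = lstat( $dir ); // lstat() does not follow a symlink
    if ( $st === false || ( $st['mode'] & 0170000 ) !== 0040000 ) {
        throw new RuntimeException( "$dir is not a real directory" );
    }
    if ( function_exists( 'posix_geteuid' ) && $st['uid'] !== posix_geteuid() ) {
        throw new RuntimeException( "$dir is owned by another user" );
    }
    if ( $st['mode'] & 0022 ) {
        throw new RuntimeException( "$dir is group- or world-writable" );
    }
    return $dir;
}

// Wiring inside MediaWiki: no default location, resolved at setup time.
$wgExampleGitDir = false; // hypothetical setting name
$wgExtensionFunctions[] = function () {
    global $wgExampleGitDir, $wgUploadDirectory;
    if ( $wgExampleGitDir === false ) {
        $wgExampleGitDir = examplePrivateWorkDir( $wgUploadDirectory );
    }
};
```

The upload directory is normally served by the web server, so deny HTTP access to this subdirectory in the web server configuration.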