phorge-phorge

revi-archive/phorge-phorge

Fork 0

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 18:32:41 +01:00

Commit graph

Author	SHA1	Message	Date
epriestley	7145587df7	Lock down some config options Summary: This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular: - Fix some typos. - Lock down some options which would potentially let a rogue administrator do something sketchy. - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email. - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities. Test Plan: - Read through config options. - Tried to think about how to do evil things with each one. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D8928	2014-05-01 10:23:49 -07:00
Zack Gomez	c0bf41d4a3	Fix typo in default phame config Summary: I skipped lint because it was being angry at me. Test Plan: ran phame with new default, was able to join blogosphere Reviewers: epriestley, codeblock Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4618	2013-01-25 00:40:04 +04:00
epriestley	668a818f3c	Move Phame config into config options Summary: so much work Test Plan: clicky clicky Reviewers: codeblock, btrahan Reviewed By: codeblock CC: aran Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4448	2013-01-15 15:36:49 -08:00

Author

SHA1

Message

Date

epriestley

7145587df7

Lock down some config options

Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928

2014-05-01 10:23:49 -07:00

Zack Gomez

c0bf41d4a3

Fix typo in default phame config

Summary: I skipped lint because it was being angry at me.

Test Plan: ran phame with new default, was able to join blogosphere

Reviewers: epriestley, codeblock

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4618

2013-01-25 00:40:04 +04:00

epriestley

668a818f3c

Move Phame config into config options

Summary: so much work

Test Plan: clicky clicky

Reviewers: codeblock, btrahan

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4448

2013-01-15 15:36:49 -08:00

3 commits