mirror of
https://we.phorge.it/source/phorge.git
synced 2024-09-22 18:28:47 +02:00
7145587df7
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:
- Fix some typos.
- Lock down some options which would potentially let a rogue administrator do something sketchy.
- Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
- Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.
Test Plan:
- Read through config options.
- Tried to think about how to do evil things with each one.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D8928
|
||
|---|---|---|
| .. | ||
| application | ||
| conduit | ||
| constants | ||
| controller | ||
| customfield | ||
| daemon | ||
| data | ||
| editor | ||
| engine | ||
| management | ||
| phid | ||
| query | ||
| response | ||
| search | ||
| storage | ||
| worker | ||
| PhabricatorRepositoryConfigOptions.php | ||