
Lock `phabricator.show-prototypes`
ClosedPublic

Authored by epriestley on Dec 15 2014, 6:59 PM.

Details

Reviewers
btrahan
Commits
Restricted Diffusion Commit
rP2c7be52fc23e: Lock `phabricator.show-prototypes`
Summary

Two goals:

  • If an attacker compromises an administrator account (without compromising the host itself), they can currently take advantage of vulnerabilities in prototype applications by enabling the applications, then exploiting the vulnerability. Locking this option requires CLI access to enable prototypes, so installs which do not have prototypes enabled have no exposure to security issues in prototype applications.
  • Making this very slightly harder to enable is probably a good thing, given the state of the world and support.
Test Plan

Verified that web UI shows the value is locked and instructs the user to update via the CLI.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Lock `phabricator.show-prototypes`.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: btrahan.
This revision is now accepted and ready to land. Dec 15 2014, 6:59 PM
This revision was automatically updated to reflect the committed changes.
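
The lock described in the summary, modelled as an added example (not Phabricator's code and not part of this revision): a locked option rejects writes that arrive through the web path and accepts them only from the CLI. `ConfigStore`, `ConfigLockedException` and the `SOURCE_*` constants are hypothetical names, and the write's origin is assumed to be fixed by the entry point rather than taken from request data.

```php
<?php
// Hypothetical model of a locked configuration option; these classes are
// illustrative and are not Phabricator's implementation.
final class ConfigLockedException extends Exception {}

final class ConfigStore {
  const SOURCE_WEB = 'web';
  const SOURCE_CLI = 'cli';
  private $values = array();
  private $locked = array();

  public function define($key, $default, $locked = false) {
    $this->values[$key] = $default;
    $this->locked[$key] = $locked;
  }

  public function get($key) {
    if (!array_key_exists($key, $this->values)) {
      throw new InvalidArgumentException("Unknown option: {$key}");
    }
    return $this->values[$key];
  }

  // $source is chosen by the calling entry point (web controller or CLI
  // script). An administrator session can only ever reach the web path.
  public function set($key, $value, $source) {
    $this->get($key); // rejects unknown keys
    if ($this->locked[$key] && $source !== self::SOURCE_CLI) {
      throw new ConfigLockedException(
        "Option '{$key}' is locked; set it from the CLI on the host.");
    }
    $this->values[$key] = $value;
  }
}

$key = 'phabricator.show-prototypes';
$config = new ConfigStore();
$config->define($key, false, true);

// A compromised administrator account tries to enable prototypes.
try {
  $config->set($key, true, ConfigStore::SOURCE_WEB);
} catch (ConfigLockedException $ex) {
  echo "web write refused: ".$ex->getMessage()."\n";
}
echo "after web attempt: ".var_export($config->get($key), true)."\n";

// An operator with shell access on the host makes the same change.
$config->set($key, true, ConfigStore::SOURCE_CLI);
echo "after CLI write: ".var_export($config->get($key), true)."\n";
```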