
Provide `auth lock` and `auth unlock` to restrict authentication provider management to the CLI
Open, Low, Public

Description

See some discussion in T6755. Providing auth lock and auth unlock commands would moderately increase the security of installs in the face of a compromised administrative account. There is normally very little need to edit authentication configuration after initial setup, and it necessarily has a wide array of access implications.

With respect to T6755, specifically, it is potentially an SSRF vector. It's somewhat hard to imagine this being a meaningful component of a practical attack, but not wholly absurd.

Event Timeline

epriestley updated the task description.
epriestley raised the priority of this task from to Low.
epriestley added projects: Security, Auth.
epriestley added a subscriber: epriestley.
eadler added a subscriber: eadler. (Apr 28 2015, 3:28 AM)
epriestley moved this task from Backlog to Next on the Auth board. (Dec 12 2018, 8:19 PM)

After T13222, this is more relevant:

  • Administrator accounts may disable all MFA from the web UI.
  • Auth guidance is a more compelling target for content injection than most injectable channels (e.g., the login screen can be made to say "go to evil.ru and type in ur password qt ;)", which seems authoritative-ish).

This could be made slightly cleaner with a setSummary() to set a shorter summary:

epriestley added a revision: Restricted Differential Revision. (Apr 18 2019, 2:05 PM)
epriestley added a commit: Restricted Diffusion Commit. (Apr 18 2019, 8:08 PM)
epriestley added a commit: Restricted Diffusion Commit. (Mon, Apr 22, 5:38 AM)