Page MenuHomePhabricator

Provide `auth lock` and `auth unlock` to restrict authentication provider management to the CLI
Closed, ResolvedPublic


See some discussion in T6755. Providing auth lock and auth unlock commands would moderately increase the security of installs in the face of a compromised administrative account. There is normally very little need to edit authentication configuration after initial setup, and it necessarily has a wide array of access implications.

With respect to T6755, specifically, it is potentially an SSRF vector. It's somewhat hard to imagine this being a meaningful component of a practical attack, but not wholly absurd.

Event Timeline

epriestley raised the priority of this task from to Low.
epriestley updated the task description. (Show Details)
epriestley added projects: Security, Auth.
epriestley added a subscriber: epriestley.

After T13222, this is more relevant:

  • Administrator accounts may disable all MFA from the web UI.
  • Auth guidance is a more compelling target for content injection than most injectable channels (e.g., the login screen can be made to say "go to and type in ur password qt ;)", which seems authoritative-ish).

This could be made slightly cleaner with a setSummary() to set a shorter summary:

Screen Shot 2019-04-18 at 7.01.55 AM.png (251×916 px, 51 KB)

epriestley added a revision: Restricted Differential Revision.Apr 18 2019, 2:05 PM
epriestley added a commit: Restricted Diffusion Commit.Apr 18 2019, 8:08 PM
epriestley added a commit: Restricted Diffusion Commit.Apr 22 2019, 5:38 AM