
Dec 12 2018

epriestley moved T7667: Provide `auth lock` and `auth unlock` to restrict authentication provider management to the CLI from Backlog to Next on the Auth board.
Dec 12 2018, 8:19 PM · Auth, Security
epriestley moved T9770: It is possible to use the same 2FA token more than once from Backlog to Next on the Auth board.
Dec 12 2018, 8:03 PM · Security, Auth
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19872: Fix a stray qsprintf() in the Herald rules engine when recording rule application to objects.
Dec 12 2018, 6:59 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley closed T13217: Upgrading: Hardening of qsprintf() as Resolved.

There are probably some stragglers that have yet to turn up, but we appear to have survived this largely unscathed.

Dec 12 2018, 6:19 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19869: Fix some straggling qsprintf() warnings in repository import.
Dec 12 2018, 1:25 PM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 26 2018

epriestley added a project to T13223: "Land Revision" builds a commit message as an omnipotent user, not the revision author or landing user: Drydock.
Nov 26 2018, 5:53 PM · Drydock, Policy, Differential, Security
epriestley triaged T13223: "Land Revision" builds a commit message as an omnipotent user, not the revision author or landing user as Low priority.
Nov 26 2018, 5:53 PM · Drydock, Policy, Differential, Security

Nov 25 2018

epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19837: Make a Feed query construction less clever/sneaky for new qsprintf() semantics.
Nov 25 2018, 9:40 PM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 17 2018

epriestley updated the task description for T13217: Upgrading: Hardening of qsprintf().
Nov 17 2018, 1:35 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T6960: Support %P in qsprintf(): Restricted Differential Revision.
Nov 17 2018, 1:21 AM · Security, Infrastructure
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): Restricted Differential Revision.
Nov 17 2018, 1:21 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19820: Fix some "%Q" behavior in PhortuneMerchantQuery.
Nov 17 2018, 1:20 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): Restricted Differential Revision.
Nov 17 2018, 1:12 AM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 15 2018

epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19814: Continue cleaning up queries in the wake of changes to "%Q".
Nov 15 2018, 2:00 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19812: Use "%P" to protect session key hashes in SessionEngine queries from DarkConsole.
Nov 15 2018, 1:32 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T6960: Support %P in qsprintf(): D19812: Use "%P" to protect session key hashes in SessionEngine queries from DarkConsole.
Nov 15 2018, 1:32 PM · Security, Infrastructure
epriestley added a revision to T6960: Support %P in qsprintf(): D19811: Keep the new "%P" query conversion out of the service call profiler by unmasking later.
Nov 15 2018, 1:28 PM · Security, Infrastructure
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19811: Keep the new "%P" query conversion out of the service call profiler by unmasking later.
Nov 15 2018, 1:28 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley updated the task description for T13217: Upgrading: Hardening of qsprintf().
Nov 15 2018, 1:26 PM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 13 2018

epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19801: Fix all query warnings in "arc unit --everything".
Nov 13 2018, 6:33 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19800: Add "%Z" (Raw Query) and "%LK" (List of Columns for Keys) to qsprintf().
Nov 13 2018, 6:29 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley closed T6960: Support %P in qsprintf() as Resolved by committing rPHUf842247de41a: Support %P (Password or Secret) in qsprintf().
Nov 13 2018, 4:48 PM · Security, Infrastructure
epriestley added a comment to T13217: Upgrading: Hardening of qsprintf().

I'm going to start landing this stuff now. master will start complaining about unsafe queries all over the place (although much less frequently than it was when I first added the warning). Depending on how much complaining still exists on Friday I might make the warning developer-only, but I'm currently hopeful that I can clean up most of it before the next release promotes.

Nov 13 2018, 4:47 PM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 9 2018

epriestley updated the task description for T13217: Upgrading: Hardening of qsprintf().
Nov 9 2018, 12:42 PM · Installing & Upgrading, Infrastructure, Security, Guides

Nov 7 2018

epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19790: Continue making application fixes to Phabricator for changes to %Q semantics.
Nov 7 2018, 12:59 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19789: Update many Phabricator queries for new %Q query semantics.
Nov 7 2018, 12:29 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19788: Make "%LO" and "%LA" more readable when there is only one subclause.
Nov 7 2018, 12:03 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19787: Make %LO, %LA, %LQ and %LJ more lax in what they accept (warnings instead of exceptions).
Nov 7 2018, 12:00 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19786: Add %LJ (joined with spaces) to qsprintf() for merging JOIN clauses.
Nov 7 2018, 10:48 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19785: Make SELECT construction in PolicyAwareQuery safer.
Nov 7 2018, 10:40 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19784: Update PhabricatorLiskDAO::chunkSQL() for new %Q semantics.
Nov 7 2018, 1:06 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley updated the task description for T13217: Upgrading: Hardening of qsprintf().
Nov 7 2018, 12:51 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T6960: Support %P in qsprintf(): D19783: Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to improve safety.
Nov 7 2018, 12:45 AM · Security, Infrastructure
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19783: Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to improve safety.
Nov 7 2018, 12:45 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a project to T13217: Upgrading: Hardening of qsprintf(): Installing & Upgrading.
Nov 7 2018, 12:35 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T6960: Support %P in qsprintf(): D19782: Support %P (Password or Secret) in qsprintf().
Nov 7 2018, 12:34 AM · Security, Infrastructure
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19782: Support %P (Password or Secret) in qsprintf().
Nov 7 2018, 12:34 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19781: Make qsprintf() return an object, not a string, to support %P and hardening of %Q.
Nov 7 2018, 12:23 AM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley triaged T13217: Upgrading: Hardening of qsprintf() as Low priority.
Nov 7 2018, 12:19 AM · Installing & Upgrading, Infrastructure, Security, Guides

Aug 27 2018

epriestley added a comment to T12877: Should not allow searching for users if "Can Browse User Directory" is not allowed.

I made this public since I've disclosed/discussed this elsewhere, including an indirect reference in the Spaces documentation, and I'm going to schedule it alongside some other stuff.

Aug 27 2018, 4:34 PM · People, Security
epriestley changed the visibility for T12877: Should not allow searching for users if "Can Browse User Directory" is not allowed.
Aug 27 2018, 4:32 PM · People, Security
epriestley added a revision to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor: D19608: Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine.
Aug 27 2018, 2:56 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 24 2018

epriestley added a comment to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.

Pushing the requireCapabilities() change out one more week since I had some stuff crop up early this week and it didn't get a chance to soak.

Aug 24 2018, 4:26 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading
epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 24 2018, 4:25 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 18 2018

epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 18 2018, 8:10 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 17 2018

epriestley added a comment to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.

I'm going to push this out to next week since D19586 probably has a few minor issues with it and it's close to the release cut. It adds a lot of new policy checks which weren't explicit before, so I'd guess it may cause a few improper policy errors on things which are actually allowed. I caught a bunch of them (like "Mute Thread") but probably didn't get every single one.

Aug 17 2018, 3:32 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading
epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 17 2018, 3:30 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 16 2018

epriestley triaged T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor as Low priority.
Aug 16 2018, 4:01 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 14 2018

epriestley added a comment to T12877: Should not allow searching for users if "Can Browse User Directory" is not allowed.

I'm touching some adjacent code for a "Disable User" permission in T13164.

Aug 14 2018, 3:49 PM · People, Security

May 18 2018

epriestley added a comment to T13143: Git treats large text files as binary, which probably has security implications around audit and "enormous changes".

In D19455 I've reduced our "enormous change" threshold from 1GB to 256MB, which puts us underneath Git's 512MB magic number. This probably mitigates this to at least some degree.

May 18 2018, 9:03 PM · Diffusion, Security
epriestley triaged T13143: Git treats large text files as binary, which probably has security implications around audit and "enormous changes" as Low priority.
May 18 2018, 5:53 PM · Diffusion, Security

May 14 2018

epriestley triaged T13138: Improve consistency of MFA requirements to invite/approve users as Wishlist priority.
May 14 2018, 2:14 PM · People, Security

Apr 8 2018

epriestley added a parent task for T13117: `patch` just runs any command?: T12664: Update diff/patch parsing to extract more metadata and parse a wider range of formats.
Apr 8 2018, 12:59 PM · Security

Apr 7 2018

epriestley added a comment to T13117: `patch` just runs any command?.

A related attack is a bare whatever.patch file which writes to .git/config or .hg/hgconfig or whatever.

Apr 7 2018, 12:54 PM · Security

Apr 5 2018

epriestley triaged T13117: `patch` just runs any command? as Normal priority.
Apr 5 2018, 6:46 PM · Security

Mar 23 2018

epriestley updated the task description for T13112: Safari, PDFs, and Content-Security-Policy interact oddly.
Mar 23 2018, 11:50 AM · Safari, Security, Files
epriestley closed T13112: Safari, PDFs, and Content-Security-Policy interact oddly as Resolved.

Actually, it seems like rel="noreferrer" fixes this. This is bizarre so maybe this is a problem with a spooky ghost haunting my computer?

Mar 23 2018, 11:48 AM · Safari, Security, Files
epriestley triaged T13112: Safari, PDFs, and Content-Security-Policy interact oddly as Normal priority.
Mar 23 2018, 11:47 AM · Safari, Security, Files

Mar 15 2018

arend.danielek added a watcher for Security: arend.danielek.
Mar 15 2018, 9:46 PM

Mar 8 2018

epriestley closed T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy as Resolved.

Macro frowncat: Presuming this is resolved until I learn otherwise.

Mar 8 2018, 7:24 PM · Remarkup, Security, Macros
epriestley added a comment to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy.

very good memes

Mar 8 2018, 7:19 PM · Remarkup, Security, Macros
epriestley added a comment to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy.

Macro nyancat: meow

Mar 8 2018, 7:19 PM · Remarkup, Security, Macros
epriestley added a comment to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy.

hmmm

Mar 8 2018, 7:18 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19203: Possibly fix memes in email.
Mar 8 2018, 7:04 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19201: Somewhat improve meme transform code so it is merely very bad.
Mar 8 2018, 6:50 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19200: PhabricatorMemeEngine HA HA HA HA.
Mar 8 2018, 5:38 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19198: Remove some old image transform code with no callsites.
Mar 8 2018, 4:31 PM · Remarkup, Security, Macros
epriestley added a comment to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy.

Actually, HTML mail has an issue now.

Mar 8 2018, 4:00 PM · Remarkup, Security, Macros
epriestley added a comment to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy.

This is technically fixed now but the meme stuff is real old and rough so I'm going to maybe make some kind of effort to get through more of T5258, etc.

Mar 8 2018, 3:56 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19196: Always serve "{meme ...}" from the CDN domain, never from the primary domain.
Mar 8 2018, 3:40 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19194: When rendering "{image ...}" images, check the cache and just render a direct "<img />" tag if possible.
Mar 8 2018, 2:51 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19193: When proxying an "{image ...}" image fails, show the user an error message.
Mar 8 2018, 1:36 PM · Remarkup, Security, Macros
epriestley added a revision to T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy: D19192: Separate the "{img ...}" remarkup rule into separate parse and markup phases.
Mar 8 2018, 1:03 PM · Remarkup, Security, Macros

Mar 7 2018

epriestley triaged T13101: The "{img ...}" and "{meme ...}" remarkup rules violate the new Content-Security-Policy as Normal priority.
Mar 7 2018, 11:11 PM · Remarkup, Security, Macros

Mar 5 2018

epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19172: Don't emit Content-Security-Policy when returning a response during preflight setup checks.
Mar 5 2018, 2:52 PM · Phacility, Security

Mar 2 2018

epriestley closed T4340: Implement Content-Security-Policy and Strict-Transport-Security headers as Resolved.

This is promoting soon and we seem to have come through it without too much damage. T13095 is a followup for style="..." attributes.

Mar 2 2018, 3:44 PM · Phacility, Security
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19170: Include the primary domain in the Content-Security-Policy explicitly if there's no CDN.
Mar 2 2018, 3:03 PM · Phacility, Security

Mar 1 2018

epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19160: Expose Content-Security-Policy form actions from OAuth1 authentication adapters.
Mar 1 2018, 3:26 AM · Phacility, Security
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19159: Include OAuth targets in "form-action" Content-Security-Policy.
Mar 1 2018, 3:26 AM · Phacility, Security
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19158: Block use of "<base />" in the Content Security Policy.
Mar 1 2018, 2:54 AM · Phacility, Security
epriestley triaged T13095: Remove all inline styles to support a "style-src 'self'/<cdn-domain>" Content-Security-Policy as Low priority.
Mar 1 2018, 2:12 AM · Security
epriestley closed T13094: Improve file behaviors around POST requests and downloads as Resolved.

These changes are all deployed here, now. The embed element only got touched lightly but is at least slightly better. See T4340 for further adventures in Content-Security-Policy.

Mar 1 2018, 1:26 AM · Security, Files
epriestley added a revision to T13094: Improve file behaviors around POST requests and downloads: D19157: Stop using forms to download files in file embed and lightbox elements.
Mar 1 2018, 1:19 AM · Security, Files
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19156: Never generate file download forms which point to the CDN domain, tighten "form-action" CSP.
Mar 1 2018, 12:55 AM · Phacility, Security
epriestley added a revision to T13094: Improve file behaviors around POST requests and downloads: D19156: Never generate file download forms which point to the CDN domain, tighten "form-action" CSP.
Mar 1 2018, 12:55 AM · Security, Files

Feb 28 2018

epriestley added a revision to T13094: Improve file behaviors around POST requests and downloads: D19155: Remove defunct "download" route in Files pointing to nonexistent controller.
Feb 28 2018, 11:21 PM · Security, Files
epriestley added a comment to T13094: Improve file behaviors around POST requests and downloads.

  • "Download" is a form, so you can't command-click it.
  • The whole thing is a <div href="..." /> (huh?) so you can't command-click it to open it in a new window.
  • When you click it for a non-image file, you get this weird interstitial that you can leave comments on if you click an additional button, which uses janky animations and AJAX. This feature is pretty half-baked and I've never seen anyone actually use it. It's possibly a net negative in its current form.
  • There is no way to actually show the text file in the browser! ARHGRH

Feb 28 2018, 11:08 PM · Security, Files
epriestley added a comment to T13094: Improve file behaviors around POST requests and downloads.

Okay, here's another one of these:

Feb 28 2018, 10:52 PM · Security, Files
epriestley triaged T13094: Improve file behaviors around POST requests and downloads as Normal priority.
Feb 28 2018, 10:50 PM · Security, Files
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19154: Add "object-src 'none'" to the Content-Security-Policy.
Feb 28 2018, 10:17 PM · Phacility, Security

Feb 27 2018

epriestley added a parent task for T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: T13093: Plans: 2018 Week 9 Bonus Content.
Feb 27 2018, 11:07 PM · Phacility, Security
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19144: Add "Referrer-Policy: no-referrer" to standard HTTP headers.
Feb 27 2018, 8:19 PM · Phacility, Security
epriestley added a revision to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers: D19143: Emit a "Content-Security-Policy" HTTP header.
Feb 27 2018, 5:33 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

On the Stripe payment processing workflow, we embed a piece of Javascript directly from Stripe.
On the Recaptcha flow, we embed a piece of Javascript directly from Google.

Feb 27 2018, 5:09 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

Other stuff to test:

Feb 27 2018, 4:55 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

When we use a Quicksand transition from page A (which does not have Google or Recaptcha stuff on it) to page B (which does), the CSP from Page A will currently still be in control and prevent Page B from working.

Feb 27 2018, 4:11 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

On the Stripe payment processing workflow, we embed a piece of Javascript directly from Stripe.

Feb 27 2018, 4:05 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

I don't think this exposes new attack surface, at least today.

Feb 27 2018, 3:43 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

Idle thought: can we data: an SVG with onhover behaviors?

Feb 27 2018, 3:39 PM · Phacility, Security
epriestley added a comment to T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

Idle thought: can we data: an SVG with onhover behaviors?

Feb 27 2018, 3:31 PM · Phacility, Security