HomePhabricator

Lock down some config options

Description

Lock down some config options

Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  • Fix some typos.
  • Lock down some options which would potentially let a rogue administrator do something sketchy.
    • Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    • Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:

  • Read through config options.
  • Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928

Details

Provenance
epriestleyAuthored on
epriestleyPushed on May 1 2014, 5:23 PM
Reviewer
btrahan
Differential Revision
D8928: Lock down some config options
Parents
rP68023e64a922: Document multi-factor authentication
Branches
Unknown
Tags
Unknown

Event Timeline