Tasks related to enhancing the security of Phabricator.
Wed, Jul 31
Tue, Jul 30
Jul 15 2019
Jul 10 2019
Apr 18 2019
This could be made slightly cleaner with a setSummary() to set a shorter summary:
Apr 17 2019
Apr 11 2019
Apr 10 2019
Feb 2 2019
Jan 29 2019
Some guidance about "configure captchas if you're a public-facing, password-login install" would be good here too
Jan 25 2019
After T13222, this is more relevant:
From T13222, MFA on related flows should generally be updated.
Jan 21 2019
Thanks! I get the same behavior locally, I filed this upstream: https://bugs.php.net/bug.php?id=77496
I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever?
Jan 20 2019
We're probably done here, but ideally the next steps are:
Jan 18 2019
Maybe another point in favor of this claim is that the option does not work is the behavior of this:
I think that maybe mysql_nonapi.c just overrides the conn->options() call? Near line 269 of PHP 7.2.3:
I can't get MYSQLI_OPT_LOCAL_INFILE to work on secure, either. I tried on secure001 and secure004 (where the database is not local). As far as I can tell, this option doesn't do anything, anywhere, ever? I'm going to look at the source and see if I can figure out what's going on, but I'll back it out of D19998 if I can't find some evidence that it's useful.
I'm unable to get the MySQLi option MYSQLI_OPT_LOCAL_INFILE to actually work. Here's the script I'm using:
It looks like we don't need to do anything about mysql on the CLI since this option is, thankfully, not enabled by default:
Jan 16 2019
Jan 15 2019
Performing this "attack" requires administrator privileges and probably some weird social engineering around making the "Reply All" happen.
Jan 14 2019
Jan 4 2019
When Phabricator receives the mail, it doesn't know which "To" or "Cc" actually caused delivery
Jan 3 2019
In moving forward here, we're generally moving from manually-configured HMAC keys to automatic ones. This is generally good: it's simpler (less configuration); and I believe almost no one configured the old ones, so installs now actually get unique HMAC keys; and the new keys have more entropy, too.
See a note in T12509 about HMAC key regeneration.