Lock down some config options

Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
This commit is contained in:
epriestley
2014-05-01 10:23:49 -07:00
parent 68023e64a9
commit 7145587df7
12 changed files with 42 additions and 16 deletions

View File

@@ -14,16 +14,19 @@ final class PhabricatorAWSConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('amazon-ses.access-key', 'string', null) $this->newOption('amazon-ses.access-key', 'string', null)
->setLocked(true)
->setDescription(pht('Access key for Amazon SES.')), ->setDescription(pht('Access key for Amazon SES.')),
$this->newOption('amazon-ses.secret-key', 'string', null) $this->newOption('amazon-ses.secret-key', 'string', null)
->setMasked(true) ->setMasked(true)
->setDescription(pht('Secret key for Amazon SES.')), ->setDescription(pht('Secret key for Amazon SES.')),
$this->newOption('amazon-s3.access-key', 'string', null) $this->newOption('amazon-s3.access-key', 'string', null)
->setLocked(true)
->setDescription(pht('Access key for Amazon S3.')), ->setDescription(pht('Access key for Amazon S3.')),
$this->newOption('amazon-s3.secret-key', 'string', null) $this->newOption('amazon-s3.secret-key', 'string', null)
->setMasked(true) ->setMasked(true)
->setDescription(pht('Secret key for Amazon S3.')), ->setDescription(pht('Secret key for Amazon S3.')),
$this->newOption('amazon-s3.endpoint', 'string', null) $this->newOption('amazon-s3.endpoint', 'string', null)
->setLocked(true)
->setDescription( ->setDescription(
pht( pht(
'Explicit S3 endpoint to use. Leave empty to have Phabricator '. 'Explicit S3 endpoint to use. Leave empty to have Phabricator '.
@@ -31,6 +34,7 @@ final class PhabricatorAWSConfigOptions
->addExample(null, 'Use default endpoint') ->addExample(null, 'Use default endpoint')
->addExample('s3.amazon.com', 'Use specific endpoint'), ->addExample('s3.amazon.com', 'Use specific endpoint'),
$this->newOption('amazon-ec2.access-key', 'string', null) $this->newOption('amazon-ec2.access-key', 'string', null)
->setLocked(true)
->setDescription(pht('Access key for Amazon EC2.')), ->setDescription(pht('Access key for Amazon EC2.')),
$this->newOption('amazon-ec2.secret-key', 'string', null) $this->newOption('amazon-ec2.secret-key', 'string', null)
->setMasked(true) ->setMasked(true)

View File

@@ -92,6 +92,9 @@ final class PhabricatorCoreConfigOptions
pht('Install Beta Applications'), pht('Install Beta Applications'),
pht('Uninstall Beta Applications') pht('Uninstall Beta Applications')
)) ))
->setSummary(
pht(
'Install applications which are still under development.'))
->setDescription( ->setDescription(
pht( pht(
"Phabricator includes 'Beta' applications which are in an early ". "Phabricator includes 'Beta' applications which are in an early ".
@@ -109,7 +112,7 @@ final class PhabricatorCoreConfigOptions
pht('Shenanigans'), // That should be interesting to translate. :P pht('Shenanigans'), // That should be interesting to translate. :P
)) ))
->setSummary( ->setSummary(
pht("Should Phabricator be serious?")) pht("Allows you to remove levity and jokes from the UI."))
->setDescription( ->setDescription(
pht( pht(
'By default, Phabricator includes some flavor text in the UI, '. 'By default, Phabricator includes some flavor text in the UI, '.
@@ -135,6 +138,7 @@ final class PhabricatorCoreConfigOptions
"The current value of PATH after configuration is applied is:\n\n". "The current value of PATH after configuration is applied is:\n\n".
" lang=text\n". " lang=text\n".
" %s", $path)) " %s", $path))
->setLocked(true)
->addExample('/usr/local/bin', pht('Add One Path')) ->addExample('/usr/local/bin', pht('Add One Path'))
->addExample("/usr/bin\n/usr/local/bin", pht('Add Multiple Paths')), ->addExample("/usr/bin\n/usr/local/bin", pht('Add Multiple Paths')),
$this->newOption('config.lock', 'set', array()) $this->newOption('config.lock', 'set', array())

View File

@@ -32,6 +32,7 @@ final class PhabricatorExtendingPhabricatorConfigOptions
'aphront.default-application-configuration-class', 'aphront.default-application-configuration-class',
'class', 'class',
'AphrontDefaultApplicationConfiguration') 'AphrontDefaultApplicationConfiguration')
->setLocked(true)
->setBaseClass('AphrontApplicationConfiguration') ->setBaseClass('AphrontApplicationConfiguration')
// TODO: This could probably use some better documentation. // TODO: This could probably use some better documentation.
->setDescription(pht("Application configuration class.")), ->setDescription(pht("Application configuration class.")),

View File

@@ -13,14 +13,15 @@ final class PhabricatorMailgunConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('mailgun.api-key', 'string', null)
->setMasked(true)
->setDescription(pht('Mailgun API key.')),
$this->newOption('mailgun.domain', 'string', null) $this->newOption('mailgun.domain', 'string', null)
->setLocked(true)
->setDescription( ->setDescription(
pht( pht(
'Mailgun domain name. See https://mailgun.com/cp/domains')) 'Mailgun domain name. See https://mailgun.com/cp/domains'))
->addExample('mycompany.com', 'Use specific domain'), ->addExample('mycompany.com', 'Use specific domain'),
$this->newOption('mailgun.api-key', 'string', null)
->setMasked(true)
->setDescription(pht('Mailgun API key.')),
); );
} }

View File

@@ -42,6 +42,7 @@ final class PhabricatorPHDConfigOptions
"mode with 'phd debug' are always launched in verbose mode. See ". "mode with 'phd debug' are always launched in verbose mode. See ".
"also 'phd.trace'.")), "also 'phd.trace'.")),
$this->newOption('phd.user', 'string', null) $this->newOption('phd.user', 'string', null)
->setLocked(true)
->setSummary(pht("System user to run daemons as.")) ->setSummary(pht("System user to run daemons as."))
->setDescription( ->setDescription(
pht( pht(

View File

@@ -14,6 +14,7 @@ final class PhabricatorPHPMailerConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('phpmailer.mailer', 'string', 'smtp') $this->newOption('phpmailer.mailer', 'string', 'smtp')
->setLocked(true)
->setSummary(pht("Configure mailer used by PHPMailer.")) ->setSummary(pht("Configure mailer used by PHPMailer."))
->setDescription( ->setDescription(
pht( pht(
@@ -23,11 +24,14 @@ final class PhabricatorPHPMailerConfigOptions
"You need it when you want to use SMTP instead of sendmail as the ". "You need it when you want to use SMTP instead of sendmail as the ".
"mailer.")), "mailer.")),
$this->newOption('phpmailer.smtp-host', 'string', null) $this->newOption('phpmailer.smtp-host', 'string', null)
->setLocked(true)
->setDescription(pht('Host for SMTP.')), ->setDescription(pht('Host for SMTP.')),
$this->newOption('phpmailer.smtp-port', 'int', 25) $this->newOption('phpmailer.smtp-port', 'int', 25)
->setLocked(true)
->setDescription(pht('Port for SMTP.')), ->setDescription(pht('Port for SMTP.')),
// TODO: Implement "enum"? Valid values are empty, 'tls', or 'ssl'. // TODO: Implement "enum"? Valid values are empty, 'tls', or 'ssl'.
$this->newOption('phpmailer.smtp-protocol', 'string', null) $this->newOption('phpmailer.smtp-protocol', 'string', null)
->setLocked(true)
->setSummary(pht('Configure TLS or SSL for SMTP.')) ->setSummary(pht('Configure TLS or SSL for SMTP.'))
->setDescription( ->setDescription(
pht( pht(
@@ -35,6 +39,7 @@ final class PhabricatorPHPMailerConfigOptions
"'ssl' to use TLS or SSL, respectively. Leave it blank for ". "'ssl' to use TLS or SSL, respectively. Leave it blank for ".
"vanilla SMTP. If you're sending via Gmail, set it to 'ssl'.")), "vanilla SMTP. If you're sending via Gmail, set it to 'ssl'.")),
$this->newOption('phpmailer.smtp-user', 'string', null) $this->newOption('phpmailer.smtp-user', 'string', null)
->setLocked(true)
->setDescription(pht('Username for SMTP.')), ->setDescription(pht('Username for SMTP.')),
$this->newOption('phpmailer.smtp-password', 'string', null) $this->newOption('phpmailer.smtp-password', 'string', null)
->setMasked(true) ->setMasked(true)

View File

@@ -16,6 +16,7 @@ final class PhabricatorSecurityConfigOptions
return array( return array(
$this->newOption('security.alternate-file-domain', 'string', null) $this->newOption('security.alternate-file-domain', 'string', null)
->setLocked(true)
->setSummary(pht("Alternate domain to serve files from.")) ->setSummary(pht("Alternate domain to serve files from."))
->setDescription( ->setDescription(
pht( pht(
@@ -43,6 +44,7 @@ final class PhabricatorSecurityConfigOptions
'string', 'string',
'[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw') '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw')
->setMasked(true) ->setMasked(true)
->setLocked(true)
->setSummary( ->setSummary(
pht("Key for HMAC digests.")) pht("Key for HMAC digests."))
->setDescription( ->setDescription(
@@ -85,6 +87,7 @@ final class PhabricatorSecurityConfigOptions
'string', 'string',
'0b7ec0592e0a2829d8b71df2fa269b2c6172eca3') '0b7ec0592e0a2829d8b71df2fa269b2c6172eca3')
->setMasked(true) ->setMasked(true)
->setLocked(true)
->setSummary( ->setSummary(
pht("Hashed with other inputs to generate CSRF tokens.")) pht("Hashed with other inputs to generate CSRF tokens."))
->setDescription( ->setDescription(
@@ -100,6 +103,7 @@ final class PhabricatorSecurityConfigOptions
'string', 'string',
'5ce3e7e8787f6e40dfae861da315a5cdf1018f12') '5ce3e7e8787f6e40dfae861da315a5cdf1018f12')
->setMasked(true) ->setMasked(true)
->setLocked(true)
->setSummary( ->setSummary(
pht("Hashed with other inputs to generate mail tokens.")) pht("Hashed with other inputs to generate mail tokens."))
->setDescription( ->setDescription(
@@ -196,12 +200,13 @@ final class PhabricatorSecurityConfigOptions
pht("Allow"), pht("Allow"),
pht("Disallow"), pht("Disallow"),
)) ))
->setLocked(true)
->setSummary( ->setSummary(
pht("Allow outbound HTTP requests")) pht("Allow outbound HTTP requests"))
->setDescription( ->setDescription(
pht( pht(
"If you enable this, you are allowing Phabricator to potentially ". "If you enable this, you are allowing Phabricator to ".
"make requests to external servers.")), "potentially make requests to external servers.")),
); );
} }

View File

@@ -14,6 +14,7 @@ final class PhabricatorSendGridConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('sendgrid.api-user', 'string', null) $this->newOption('sendgrid.api-user', 'string', null)
->setLocked(true)
->setDescription(pht('SendGrid API username.')), ->setDescription(pht('SendGrid API username.')),
$this->newOption('sendgrid.api-key', 'string', null) $this->newOption('sendgrid.api-key', 'string', null)
->setMasked(true) ->setMasked(true)

View File

@@ -118,6 +118,7 @@ final class PhabricatorFilesConfigOptions
'Configure the largest file which will be put into the MySQL '. 'Configure the largest file which will be put into the MySQL '.
'storage engine.')), 'storage engine.')),
$this->newOption('storage.local-disk.path', 'string', null) $this->newOption('storage.local-disk.path', 'string', null)
->setLocked(true)
->setSummary(pht('Local storage disk path.')) ->setSummary(pht('Local storage disk path.'))
->setDescription( ->setDescription(
pht( pht(
@@ -190,7 +191,7 @@ final class PhabricatorFilesConfigOptions
pht('Disable') pht('Disable')
))->setDescription( ))->setDescription(
pht("This option will enable animated gif images". pht("This option will enable animated gif images".
"to be set as profile pictures. The \'convert\' binary ". "to be set as profile pictures. The 'convert' binary ".
"should be available to the webserver for this to work")), "should be available to the webserver for this to work")),
); );

View File

@@ -19,6 +19,7 @@ final class PhabricatorPhameConfigOptions
array( array(
'externals/skins/', 'externals/skins/',
)) ))
->setLocked(true)
->setDescription( ->setDescription(
pht('List of directories where Phame will look for skins.')), pht('List of directories where Phame will look for skins.')),
); );

View File

@@ -61,6 +61,7 @@ final class PhabricatorPhortuneConfigOptions
->setHidden(true) ->setHidden(true)
->setDescription(pht('WePay access token.')), ->setDescription(pht('WePay access token.')),
$this->newOption('phortune.wepay.account-id', 'string', null) $this->newOption('phortune.wepay.account-id', 'string', null)
->setLocked(true)
->setHidden(true) ->setHidden(true)
->setDescription(pht('WePay account ID.')), ->setDescription(pht('WePay account ID.')),
); );

View File

@@ -17,6 +17,7 @@ final class PhabricatorRepositoryConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('repository.default-local-path', 'string', '/var/repo/') $this->newOption('repository.default-local-path', 'string', '/var/repo/')
->setLocked(true)
->setSummary( ->setSummary(
pht("Default location to store local copies of repositories.")) pht("Default location to store local copies of repositories."))
->setDescription( ->setDescription(