[MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

[MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Jean Valjean
I want to let some of my administrators (in the wizards group) edit
LocalSettings.php, so I used this snippet, which allows them to make
changes by editing the Project:Shared_config.php page. Then I protected the
page so that only wizards can edit it. Do you think this presents any
security issues?

(I was also going to have it save the old version to a bak file, but I had
to comment that code out because I was getting a call to a function on a
non-object error, for some reason)

function editLocalSettingsOnPageContentSaveComplete( $article, $user, $content,
    $summary, $isMinor, $isWatch, $section, $flags, $revision, $status, $baseRevId
) {
    # getFullText() returns the title with spaces, so compare against
    # 'Project:Shared config.php', not the underscore form.
    if ( $article->getTitle()->getFullText() !== 'Project:Shared config.php' ) {
        return true;
    }
    # Keep the previous version as a .bak file. Revision::newFromId( $baseRevId )
    # returns null when the id it is given is not a real revision id, which is
    # what the "call to a member function on a non-object" error means; the
    # previous revision of the one just saved is reliable, and is null only when
    # the page was created by this edit. $revision itself is null on a null edit.
    $oldRevision = $revision ? $revision->getPrevious() : null;
    if ( $oldRevision ) {
        $oldRevisionContent = $oldRevision->getContent( Revision::RAW );
        $oldRevisionContents = ContentHandler::getContentText( $oldRevisionContent );
        # The original assigned these results to $oldRevisioncontents (lower-case c)
        # and then used $oldRevisionContents, so the tags were never stripped.
        $oldRevisionContents = str_replace( '<source lang="php"' . ">\n", '', $oldRevisionContents );
        $oldRevisionContents = str_replace( '</source' . '>', '', $oldRevisionContents );
        file_put_contents( '/home/wiki/shared_config.bak', $oldRevisionContents );
    }
    $contents = ContentHandler::getContentText( $content );
    $contents = str_replace( '<source lang="php"' . ">\n", '', $contents );
    $contents = str_replace( '</source' . '>', '', $contents );
    file_put_contents( '/home/wiki/shared_config.php', $contents );
    return true;
}
$wgHooks['PageContentSaveComplete'][] = 'editLocalSettingsOnPageContentSaveComplete';

# add an additional protection level restricting edit/move/etc. to users
# with the "wizards" permission
$wgRestrictionLevels[] = 'wizards';
# give the "wizards" permission to users in the "wizard" group
$wgGroupPermissions['developer']['wizards'] = true;
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

John Doe-27
Yes, making localsettings.php world readable/editable is a huge security
issue.

On Sat, Jul 1, 2017 at 6:16 PM, Jean Valjean <[hidden email]>
wrote:


Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Jean Valjean
Well I did take my passwords out of webroot.
https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL_Passwords_Out_Of_Webroot

On Sat, Jul 1, 2017 at 6:18 PM, John <[hidden email]> wrote:


Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Legoktm
In reply to this post by Jean Valjean
On 07/01/2017 03:16 PM, Jean Valjean wrote:
> I want to let some of my administrators (in the wizards group) edit
> LocalSettings.php, so I used this snippet, which allows them to make
> changes by editing the Project:Shared_config.php page. Then I protected the
> page so that only wizards can edit it. Do you think this presents any
> security issues?

Yes, it presents a huge security issue. Anyone who can modify your
LocalSettings.php can execute arbitrary PHP code. They could see any
private data in your database, easily get passwords, or even potentially
give themselves server access.

I would highly recommend NOT doing this.

-- Legoktm


Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Brian Wolff
Even ignoring the security issues, if one of your users makes a typo, they
take down the site and they cannot revert because the site is then down.

From a security perspective, this is equivalent to giving your users shell
access to your server. They can run any arbitrary program, do anything,
insert backdoors, etc. Additionally this setup requires the web user to
have write access to php enabled web directories which is also bad practice.

--
bawolff

On Saturday, July 1, 2017, Legoktm <[hidden email]> wrote:

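The point above about the web user needing write access to PHP-enabled directories can be checked rather than assumed. The script below is an added example, not code from the thread or from MediaWiki: run as the web server user, it lists every directory and .php file under a web root that this user could alter or add to. The user name, the path and the names of the skipped upload and cache directories are assumptions.

```php
<?php
// Added example, not code from the thread or from MediaWiki: lists every
// directory and .php file under a web root that the current user can write to.
// Run it as the web server user, e.g. "sudo -u www-data php audit.php /var/www/wiki"
// (user name and path are assumptions), and expect an empty result; anything
// listed is a place where that user could alter or plant executable PHP.
// Directories that must stay writable (uploads, cache) are skipped here on the
// assumption that the web server is configured not to execute PHP from them.

function findWritablePhpPaths( string $root, array $skipDirs = [ 'images', 'cache' ] ): array {
    $hits = is_writable( $root ) ? [ $root ] : [];
    $tree = new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS );
    // Prune the skipped directories so their contents are never visited.
    $pruned = new RecursiveCallbackFilterIterator( $tree,
        function ( SplFileInfo $file ) use ( $skipDirs ) {
            return !( $file->isDir() && in_array( $file->getFilename(), $skipDirs, true ) );
        }
    );
    $walk = new RecursiveIteratorIterator( $pruned, RecursiveIteratorIterator::SELF_FIRST );
    foreach ( $walk as $path => $file ) {
        $isPhp = $file->isFile() && strtolower( $file->getExtension() ) === 'php';
        // A writable directory counts too: a new .php file can be dropped into it.
        if ( ( $file->isDir() || $isPhp ) && $file->isWritable() ) {
            $hits[] = $path;
        }
    }
    return $hits;
}

if ( PHP_SAPI === 'cli' && isset( $argv[1] ) ) {
    $hits = findWritablePhpPaths( $argv[1] );
    echo $hits ? "writable by this user:\n  " . implode( "\n  ", $hits ) . "\n" : "nothing writable\n";
    exit( $hits ? 1 : 0 );
}
```

The non-zero exit status makes it usable from a cron job or deployment check; a clean result is the state the replies above describe as normal practice, where only a deploy user, not the web user, can change the files PHP executes.
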
Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Jean Valjean
Yeah, that's already happened a few times (typo taking the site down). What
I did on another wiki farm was have one wiki in charge of the other wiki's
config files, so that if you messed up LocalSettings.php, it wouldn't take
down the wiki that was modifying it.

My goal was to have some sort of version control system in place so that as
different people are changing the files, we know who did what when, and can
revert easily to a previous version.

On Sat, Jul 1, 2017 at 7:04 PM, Brian Wolff <[hidden email]> wrote:


Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Brian Wolff
Most people just use a git repo for version controlling their
LocalSettings.php

If you really really want to do this onwiki approach, try verifying the
file with `php -l` before saving.

--
brian

On Saturday, July 1, 2017, Jean Valjean <[hidden email]> wrote:

Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Jean Valjean
Well it does have a certain coolness factor to do everything through the
wiki. It's kind of like how Mark Zuckerberg wanted Facebookers to be able
to do everything they needed to do on the web without leaving Facebook.
Facebook would have email, messaging, games, video, search, and even
Wikipedia articles!
https://thenextweb.com/opinion/2015/03/25/facebook-has-officially-declared-it-wants-to-own-every-single-thing-you-do-on-the-internet

But why should Zuck be the only one to have such grand, sweeping ambitions?
Once MediaWiki becomes powerful enough, it can kill all other apps and rule
the world! http://www.npr.org/sections/alltechconsidered/2016/04/13/474011009/facebooks-new-master-plan-kill-other-apps
We can create MediaWiki
extensions for artificial intelligence, virtual reality, drones, you name
it. Why shouldn't there be artificially intelligent robotic aircraft that
anyone can edit?
https://www.fastcompany.com/3052885/mark-zuckerberg-facebook

Facebook walls people off from each other through the proprietary nature of
its technology and the cliquish tendencies of its circles of friends.
MediaWiki brings everyone together through openness and its natural
tendency to foster online collectivist utopias. Therefore the time is
coming for a steel cage match between the two platforms, in which they
battle for dominance, with room for only one survivor. Once technology
advances to the point where the software becomes self-aware, this
deathmatch can move from being a theoretical possibility to a practical
reality.

One might ask, "Why is it even necessary to revise LocalSettings.php so
often?" Ideally, there would be a configuration database, so that it
wouldn't be necessary to make so many changes to LocalSettings.php, but I
think the reason that never caught on is that there just aren't enough
MediaWiki installations out there for it to seem like a worthwhile idea.
It's not like WordPress, which probably has millions of installations. Or
hundreds of thousands, anyway. Thus, it seems like we're doomed to continue
manually editing PHP files for the foreseeable future.

Sucks that they got rid of php_check_syntax(). That seems superior to php
-l. http://php.net/manual/en/function.php-check-syntax.php

On Sat, Jul 1, 2017 at 7:32 PM, Brian Wolff <[hidden email]> wrote:


Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

John Mark Vandenberg
If you are going to do this anyway, despite the warnings given, use some
regex to strictly find all function & method invocations and only allow a
very small whitelisted set. Err on the side of caution with the regex
finding too many matches including false positives.

On Sun, 2 Jul 2017 07:57 Jean Valjean <[hidden email]> wrote:


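The two suggestions for anyone who goes ahead anyway, Brian Wolff's `php -l` check before saving and John Mark Vandenberg's strict allowlist of function and method invocations, combined into one hook. This is an added example, not code from the thread or from MediaWiki; it uses PHP's tokenizer instead of a regex so that comments and string literals cannot hide a call, and it is written default-deny, which errs on the side of false positives as suggested. The function names, the allowlist, the CLI path, the debug log group and the file paths are assumptions, and it assumes PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread or from MediaWiki. It implements the
// two suggestions above for anyone who proceeds despite the warnings:
// "php -l" before the file is installed (Brian Wolff) and a strict allowlist of
// the calls a settings file may make (John Mark Vandenberg), using PHP's
// tokenizer rather than a regex so comments and strings cannot hide a call.
// The function names, allowlist, CLI path and file paths are assumptions.
// These checks only narrow what an editor can do; they do not make arbitrary
// PHP safe to accept, so the "don't do this" advice above still applies.

// Calls a settings file may make (lower-case). Anything else is rejected.
const SHARED_CONFIG_ALLOWED_CALLS = [ 'wfloadextension', 'wfloadskin', 'array_merge' ];
// Constructs that have no business in a plain settings file at all.
const SHARED_CONFIG_FORBIDDEN_TOKENS = [
    T_EVAL, T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE, T_FUNCTION,
    T_CLASS, T_NEW, T_INLINE_HTML, T_CLOSE_TAG, T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES,
];
// Keywords that are legitimately followed by "(" without being a call.
const SHARED_CONFIG_PAREN_KEYWORDS = [
    T_IF, T_ELSEIF, T_WHILE, T_FOR, T_FOREACH, T_SWITCH, T_ISSET, T_EMPTY, T_UNSET, T_ARRAY, T_LIST,
];

// Returns a list of problems (empty means the source passed). Default-deny:
// whatever sits directly before "(" must be an allowlisted name, a keyword
// from the list above, or a plain operator token such as "=" or ",".
function findSharedConfigProblems( string $source ): array {
    $problems = [];
    // Drop whitespace and comments so "name (" and "name(" look the same.
    $tokens = array_values( array_filter( token_get_all( $source ), function ( $t ) {
        return !is_array( $t ) || !in_array( $t[0], [ T_WHITESPACE, T_COMMENT, T_DOC_COMMENT ], true );
    } ) );
    foreach ( $tokens as $i => $t ) {
        $id = is_array( $t ) ? $t[0] : $t;
        $text = is_array( $t ) ? trim( $t[1] ) : $t;
        $line = is_array( $t ) ? $t[2] : '?';
        if ( $t === '`' ) {
            $problems[] = 'backtick (shell) operator';
        } elseif ( in_array( $id, SHARED_CONFIG_FORBIDDEN_TOKENS, true ) ) {
            $problems[] = "line $line: forbidden construct '$text'";
        } elseif ( ( $tokens[$i + 1] ?? null ) === '(' ) {
            $isOperator = !is_array( $t ) && !in_array( $t, [ ')', ']', '}' ], true );
            $isKeyword = in_array( $id, SHARED_CONFIG_PAREN_KEYWORDS, true );
            $isAllowedName = $id === T_STRING
                && in_array( strtolower( $text ), SHARED_CONFIG_ALLOWED_CALLS, true );
            if ( !$isOperator && !$isKeyword && !$isAllowedName ) {
                $problems[] = "line $line: '$text(' is not an allowed call";
            }
        }
    }
    return $problems;
}

// Syntax check with the CLI. Inside a web SAPI, PHP_BINARY is the server
// module or php-fpm rather than the CLI, so the CLI path is given explicitly.
function lintWithPhpCli( string $source, string $phpCli = '/usr/bin/php' ): ?string {
    $tmp = tempnam( sys_get_temp_dir(), 'cfglint' );
    file_put_contents( $tmp, $source );
    exec( escapeshellarg( $phpCli ) . ' -l ' . escapeshellarg( $tmp ) . ' 2>&1', $out, $code );
    unlink( $tmp );
    return $code === 0 ? null : implode( "\n", $out );
}

// Write a sibling temp file and rename it into place, so the running site
// never includes a half-written config.
function installSharedConfig( string $source, string $target ): void {
    $tmp = $target . '.new';
    if ( file_put_contents( $tmp, $source, LOCK_EX ) === false || !rename( $tmp, $target ) ) {
        throw new RuntimeException( "could not install $target" );
    }
}

// Same hook as the original snippet; it now refuses to touch the live file
// unless both checks pass. (A pre-save hook such as EditFilterMergedContent
// could reject the wiki edit itself; here the page history keeps the attempt.)
function onSharedConfigSaveComplete( $article, $user, $content ) {
    if ( $article->getTitle()->getFullText() !== 'Project:Shared config.php' ) {
        return true;
    }
    $source = ContentHandler::getContentText( $content );
    $source = preg_replace( '!^\s*<source lang="php">\s*|\s*</source>\s*$!', '', $source );
    $problems = findSharedConfigProblems( $source );
    $lint = lintWithPhpCli( $source );
    if ( $lint !== null ) {
        $problems[] = "php -l: $lint";
    }
    if ( $problems ) {
        wfDebugLog( 'sharedconfig', $user->getName() . ' edit rejected: ' . implode( '; ', $problems ) );
        return true;
    }
    installSharedConfig( $source, '/home/wiki/shared_config.php' );
    return true;
}
$wgHooks['PageContentSaveComplete'][] = 'onSharedConfigSaveComplete';
```

A rejected save leaves the live file untouched and is recorded under the `sharedconfig` group, which needs an entry in `$wgDebugLogGroups` to land in a file. The tokenizer pass and the `php -l` pass catch different things: the first refuses content that parses fine but calls something off the list, the second catches the typo that would otherwise take the site down as described earlier in the thread.
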
Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Yaron Koren-2
I should note that there's an extension that lets you modify some of the
settings from the web interface - Site Settings:

https://www.mediawiki.org/wiki/Extension:Site_Settings

It doesn't modify LocalSettings.php; it overrides it. It only covers a
fairly small number of settings, but maybe they're all that you need. Also,
it has hooks so that you can add more.

There's also the Configure extension, which lets you do the same thing but
with more settings (and a less-nice interface, in my opinion), though it
apparently doesn't work with recent versions of MediaWiki:

https://www.mediawiki.org/wiki/Extension:Configure

-Yaron

Re: Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

Tim Starling-2
In reply to this post by Jean Valjean
On 02/07/17 08:22, Jean Valjean wrote:
> Well I did take my passwords out of webroot.
> https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL_Passwords_Out_Of_Webroot

That doesn't help. It's trivial to get the MySQL password, you can
just do "echo $wgDBpassword", not that it is necessary to do anything
that an attacker might want to do.

-- Tim Starling

