Page MenuHomePhabricator

Add Wikipedia Northern Luri and Wikipedia Goan Konkani to labs replicas
Closed, ResolvedPublic

Description

Database names:

gomwiki: T96468
lrcwiki: T102026

Event Timeline

jcrespo created this task.Jun 16 2015, 4:52 PM
jcrespo raised the priority of this task from to Needs Triage.
jcrespo updated the task description. (Show Details)
jcrespo added projects: DBA, Cloud-Services.
jcrespo added a subscriber: jcrespo.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 16 2015, 4:52 PM
jcrespo updated the task description. (Show Details)Jun 16 2015, 4:53 PM
jcrespo set Security to None.
jcrespo triaged this task as Low priority.Jun 18 2015, 10:18 AM

Change 221045 had a related patch set uploaded (by Alex Monk):
toollabs: Add gomwiki and lrcwiki db hosts file entries

https://gerrit.wikimedia.org/r/221045

Change 221045 merged by coren:
toollabs: Add gomwiki and lrcwiki db hosts file entries

https://gerrit.wikimedia.org/r/221045

Krenair closed this task as Resolved.Jun 26 2015, 3:09 AM
Krenair claimed this task.
jcrespo reopened this task as Open.Jun 26 2015, 6:20 AM

Databases have not yet been sanitized.

jcrespo claimed this task.Jun 26 2015, 6:20 AM
jcrespo closed this task as Resolved.Jun 26 2015, 8:12 AM

Sanitization done.

How were they available to labs users on labsdb1003 then?

@Krenair Care to elaborate? Are you saying that they were available and they should not or the other way round?

Before we made the hosts change, I checked to see if I could connect to gomwiki_p and lrcwiki_p via mysql --defaults-file=replica.my.cnf -h labsdb1003.eqiad.wmnet on tools-login. I could, so I uploaded the host file change.

jcrespo added a subscriber: coren.EditedJun 26 2015, 12:15 PM

@Krenair Yes, @coren may have added the wikis and perform the second-pass filtering/privilege control at labs side.

As we do not trust that to be effective, we do a first pass sanitization before reaching labs on db1069 - sanitarium. This should have been done first.

While in practice no private data was shared at any time, (and worst case scenario -a 0day- only the emails or blocks of the first users of a recently created wiki will be leaked to labs users, never the hashed passwords) I consider the full process broken and as I say in other tickets, a potential security issue that has to be fully audited, re-evaluated and automatically checked. It should be brought down and set up from 0. It should be opt-in and not opt-out. As of now, let's continue putting patches with the current system. Until something like T101758 bite us.