Page MenuHomePhabricator

Add Wikipedia Northern Luri and Wikipedia Goan Konkani to labs replicas
Closed, ResolvedPublic


Database names:

gomwiki: T96468
lrcwiki: T102026

Event Timeline

jcrespo raised the priority of this task from to Needs Triage.
jcrespo updated the task description. (Show Details)
jcrespo added projects: DBA, Cloud-Services.
jcrespo added a subscriber: jcrespo.
jcrespo set Security to None.

Change 221045 had a related patch set uploaded (by Alex Monk):
toollabs: Add gomwiki and lrcwiki db hosts file entries

Change 221045 merged by coren:
toollabs: Add gomwiki and lrcwiki db hosts file entries

Krenair claimed this task.

Databases have not yet been sanitized.

Sanitization done.

How were they available to labs users on labsdb1003 then?

@Krenair Care to elaborate? Are you saying that they were available and they should not or the other way round?

Before we made the hosts change, I checked to see if I could connect to gomwiki_p and lrcwiki_p via mysql -h labsdb1003.eqiad.wmnet on tools-login. I could, so I uploaded the host file change.

@Krenair Yes, @coren may have added the wikis and perform the second-pass filtering/privilege control at labs side.

As we do not trust that to be effective, we do a first pass sanitization before reaching labs on db1069 - sanitarium. This should have been done first.

While in practice no private data was shared at any time, (and worst case scenario -a 0day- only the emails or blocks of the first users of a recently created wiki will be leaked to labs users, never the hashed passwords) I consider the full process broken and as I say in other tickets, a potential security issue that has to be fully audited, re-evaluated and automatically checked. It should be brought down and set up from 0. It should be opt-in and not opt-out. As of now, let's continue putting patches with the current system. Until something like T101758 bite us.