Log email changes for all users
Closed, ResolvedPublic
Actions

Description

Right now we log sysop email changes in badpass (from a hook in wmf-config)

We should log this in core to the authentication channel and we should do it for all users

For example, in the event of compromise and attacker changes email, we want to know the old email so we can return account to original users, as well as the new email in the logs for ease of grepping

Details

Project	Branch	Lines +/-	Subject
mediawiki/core	master	+9 -0	SpecialChangeEmail: Log email changes
mediawiki/core	REL1_31	+10 -0	SpecialChangeEmail: Log email changes
mediawiki/core	REL1_27	+10 -0	SpecialChangeEmail: Log email changes
mediawiki/core	REL1_30	+10 -0	SpecialChangeEmail: Log email changes
mediawiki/core	REL1_29	+10 -0	SpecialChangeEmail: Log email changes

Customize query in gerrit

Event Timeline

Bawolff created this task.Nov 22 2016, 10:34 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 22 2016, 10:34 PM

• dpatrick triaged this task as High priority.Dec 7 2016, 5:48 PM

Reedy added a project: MediaWiki-User-preferences.Sep 13 2017, 4:45 PM

jrbs added a subscriber: jrbs.Jul 6 2018, 11:58 PM

@Anomie or @Tgr any chance one of you could get a patch sorted for this ASAP?

Reedy added a project: MediaWiki-Special-pages.Jul 7 2018, 12:00 AM

Reedy updated the task description. (Show Details)

Nikerabbit added a subscriber: Nikerabbit.Jul 7 2018, 8:40 AM

0001-SpecialChangeEmail-Log-email-changes.patch1 KBDownload

LGTM. Any reason we can't just push this one in public?

Fine by me. I only put it here because that's what we do for private Security tasks.

Yup, I know :)

Just thinking we might aswell make life easier all around by putting it into gerrit. It's not fixing a security bug particularly, but it is a form of hardening :)

Then we can backport/cherry pick to the branches and get it there too

Now in Gerrit as https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/445016