Security: "Other confidential issue" does not do anything
Closed, Resolved · Public

Description

I filed a new task (152957) and marked it as Security: "Other confidential issue" as it included privileged information. To my surprise, right after I posted it, I saw wikibugs mentioning it at the #wikimedia-operations IRC channel, and its contents were visible to all (the visibility/edit policy were set to public/all).

As far as I understand it, this option does nothing, while claiming to protect confidential data. This is an extremely dangerous option that could result in data leaks. This should be fixed ASAP, and an audit of tasks that were marked as confidential should be made.

Related Objects

faidon created this task. Dec 12 2016, 2:09 PM
Restricted Application added subscribers: Jay8g, Luke081515, TerraCodes, Aklapper. Dec 12 2016, 2:09 PM
Krenair added a subscriber: Krenair.

See also T142516

mmodell claimed this task. Dec 12 2016, 3:54 PM

The "security field" no longer has any effect. It's only remaining for historical reasons - to not lose the bit of information on old tasks which had a value set. It should not be left editable on any forms, so that it won't give false impressions. I will fix that right away.

The task that @Krenair linked above is about making a form specifically for 'other confidential issues' ... It's not currently linked from anywhere prominent, but here is the form: https://phabricator.wikimedia.org/maniphest/task/edit/form/23/

I've hidden the security field from the 'advanced' task form. In other places the field is visible but locked.

mmodell closed this task as Resolved. Dec 12 2016, 4:09 PM

Thanks, that was fast :) When was this changed? Shouldn't we audit all the tasks opened using that functionality since it was deprecated to make sure we don't have any such tasks that inadvertently leak data?

https://phabricator.wikimedia.org/maniphest/query/48.DJHSXxbO_/#R shows all tasks with security flag set. Searching when logged out only produces 3 open tasks. Superficially they do not look like they are particularly sensitive.

I've hidden the security field from the 'advanced' task form.

https://wikitech.wikimedia.org/wiki/Operations_requests#Domain_requests welcomes an update by Operations.