Hi, I'm looking to adopt tools for WikiProject Red Link Recovery. The tools have been down for months. Top Banana has been busy in real life, taking months to incorporate my patches/suggestions. I contacted him last month to add me as a maintainer, but he hasn't edited since August.
Description
Related Objects
- Mentioned Here
- P6348 tools.tb-dev file backup
Event Timeline
Mentioned in SAL (#wikimedia-cloud) [2017-11-02T20:22:46Z] <bd808> Added Zhuyifei1999 as maintainer to investigate T179599
The directory /data/project/tb-dev/credentials contains one regular file, s51111, which is exactly the same (binary-wise) as /data/project/tb-dev/replica.my.cnf. Since the latter is immutable, I don't find it necessary to delete that file.
The database backup files in /data/project/tb-dev/db_backup/20171029/ are world readable:
tools.tb-dev@tools-bastion-02:~$ ls -al db_backup/20171029/ total 46000 drwxr-sr-x 2 tools.tb-dev tools.tb-dev 4096 Oct 29 06:08 . drwxrwsr-x 45 tools.tb-dev tools.tb-dev 4096 Oct 29 06:08 .. -rw-r--r-- 1 tools.tb-dev tools.tb-dev 44792070 Oct 29 06:08 s51111__common_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 285213 Oct 29 06:08 s51111__inconsistent_redirects_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 21421 Oct 29 06:08 s51111__oddlinks_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 67833 Oct 29 06:08 s51111__rlrl_cawiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 1734722 Oct 29 06:08 s51111__rlrl_enwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 112596 Oct 29 06:08 s51111__rlrl_frwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 30540 Oct 29 06:08 s51111__rlrl_lvwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 1820 Oct 29 06:08 s51111__rlrl_ptwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 16578 Oct 29 06:08 s51111__unlikely_enwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 3335 Oct 29 06:08 s51111__unlikely_lvwiki_p.20171029.gz -rw-r--r-- 1 tools.tb-dev tools.tb-dev 3170 Oct 29 06:08 s51111__unlikely_ptwiki_p.20171029.gz
Tool-owned databases on the replicas are all _p-s:
tools.tb-dev@tools-bastion-02:~$ mysql -h c1.labsdb Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 18264 Server version: 10.0.22-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW databases LIKE 's51111%'; +----------------------------------+ | Database (s51111%) | +----------------------------------+ | s51111__common_p | | s51111__inconsistent_redirects_p | | s51111__oddlinks_p | | s51111__rlrl_enwiki_p | | s51111__rlrl_ptwiki_p | | s51111__unlikely_enwiki_p | | s51111__unlikely_ptwiki_p | +----------------------------------+ 7 rows in set (0.01 sec) MariaDB [(none)]> Bye tools.tb-dev@tools-bastion-02:~$ mysql -h c3.labsdb Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 100264212 Server version: 10.0.22-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW databases LIKE 's51111%'; +---------------------------+ | Database (s51111%) | +---------------------------+ | s51111__common_p | | s51111__rlrl_cawiki_p | | s51111__rlrl_frwiki_p | | s51111__rlrl_lvwiki_p | | s51111__unlikely_lvwiki_p | +---------------------------+ 5 rows in set (0.01 sec) MariaDB [(none)]> Bye tools.tb-dev@tools-bastion-02:~$ mysql -h tools.labsdb Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 40519114 Server version: 10.0.31-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW databases LIKE 's51111%'; Empty set (0.00 sec)
I'm unable to find any oauth-related code via tools.tb-dev@tools-bastion-05:~$ find -name \*.txt | grep -i 'oauth'. I don't find any svn or git repos either for this tool, so checking each file manually can be a lot of work.
EDIT: ^ command is broken; meant to use xargs but didn't... argh. Anyhow searching for oauth gives nothing, and password does not show any secret information.
List of non-world-readable files/directories:
tools.tb-dev@tools-bastion-05:~$ find ! -perm -g=r | xargs ls -ld --color=auto -rw------- 1 tools.tb-dev tools.tb-dev 34137 Nov 2 22:23 ./.bash_history drwx--S--- 2 tools.tb-dev tools.tb-dev 4096 May 14 2014 ./.cache drwx--S--- 2 tools.tb-dev tools.tb-dev 4096 Jan 21 2017 ./credentials -r-------- 1 tools.tb-dev tools.tb-dev 52 Jan 21 2017 ./credentials/s51111 drwx--S--- 3 tools.tb-dev tools.tb-dev 4096 May 22 2013 ./.emacs.d drwx--S--- 2 tools.tb-dev tools.tb-dev 4096 May 22 2013 ./.emacs.d/auto-save-list -r-------- 1 tools.tb-dev tools.tb-dev 692 Jul 6 2016 ./.kube/config -rw------- 1 tools.tb-dev tools.tb-dev 41 Jun 24 2013 ./.lesshst -r-------- 1 tools.tb-dev tools.tb-dev 52 Jan 21 2017 ./.my.cnf -rw------- 1 tools.tb-dev tools.tb-dev 912398 Nov 2 21:41 ./.mysql_history -r-------- 1 tools.tb-dev tools.tb-dev 52 Dec 21 2016 ./replica.my.cnf drwx--S--- 2 tools.tb-dev tools.tb-dev 4096 May 3 2015 ./.ssh -rw------- 1 tools.tb-dev tools.tb-dev 884 May 3 2015 ./.ssh/known_hosts drwx--s--x 2 tools.tb-dev tools.tb-dev 4096 Jul 5 2009 ./ts/public_html/cgi-bin -rw------- 1 tools.tb-dev tools.tb-dev 26716 Jun 24 16:33 ./.viminfo
- History files .bash_history, .mysql_history, .viminfo may need checking.
- .lesshst lgtm
- cache has a single empty file motd.legal-displayed.
- Directory .emacs.d => single directory auto-save-list => single empty file .saves-11919-tools-login.pmtpa.wmflabs~
- credentials/s51111 == replica.my.cnf == .my.cnf. All tool-owned databases are _p-s so the databases are public anyways.
- .kube/config is for auth to k8s, $ kubectl get pods is empty so should not leak any information.
- Directory .ssh contains no private keys; .ssh/known_hosts is not comprehensible (contains no unhashed hostname information); the keys inside it should be public keys of various hosts the tool has connected to (eg. cronhost)
- Directory ts/public_html/cgi-bin is empty.
Mentioned in SAL (#wikimedia-cloud) [2017-11-02T23:55:14Z] <zhuyifei1999_> Added harej as maintainer to double check stuffs for T179599
Mentioned in SAL (#wikimedia-cloud) [2017-11-03T01:44:23Z] <zhuyifei1999_> Redacted a password (may or may not be the database password before the replica.my.cnf regenerated) in .mysql_history, to 'T179599 REDACTED'
access.log contains your standard web server access log entries, including IP address, browser header, request. But because all traffic is routed through the same internal IP address, no one's IP address is actually being exposed. I think the file can be kept as-is but I am bringing it up for thoroughness.
.bash_history has nothing sensitive in it that I can see. We may want to, as a precaution, create a backup and then delete the file, but I am not sure how safe/effective that is. (It's not really something that's come up for me before.)
.viminfo looks totally fine
.mysql_info featured a password. It has been redacted.
As for the actual application...
I read common/database.php and found that it was loading the replica.my.cnf file instead of using a hard coded password. Kudos!
I've also noticed the various applications rely on database.php so it can generally be assumed those don't contain hardcoded passwords either. (I made spot checks just to check.)
In sum, it should be safe to hand this tool off to another person.
The owner has now been notified on their wikitech usertalk page, and via email, per instructions.
We now need to wait another 14 days to give them time for possible objections, in case they hadn't seen the messages at Enwiki.
Waiting 14 days, in case @Tb object to this adoption. In the meantime, Toolforge-standards-committee, anyone object?
I did a backup of the the home directory except the cronout and non-latest db backups, to /home/zhuyifei1999/tb-dev.tar.gz (around 11MiB):
I'd upload it here but idk how to do so without all the database creds become public (phab access policy for files gets loose when a file gets linked in any way).
Uh, given https://wikitech.wikimedia.org/wiki/Special:Diff/1775977, I personally don't know if this should be continued.
Mentioned in SAL (#wikimedia-cloud) [2017-11-18T02:11:16Z] <zhuyifei1999_> Removing myself from maintainer list (cc T179599)
Because the proposed adopter has been inactive onwiki for 2+ years, I believe this task might be best closed as declined.