Page MenuHomePhabricator
Create Task
Maniphest T197136

Tie certain user rights to elevated security
Open, HighPublic
Actions

Description

Some features are dangerous and require higher security (in the sense of AuthManager::securitySensitiveOperationStatus); the current approach is to mark special pages as being security sensitive. That's somewhat fragile (someone might mark the special page but forget to mark the API; the special page might get renamed; the same functionality might be available via other pages, unknown to the developer setting the security level). As a fallback mechanism, it would be nice if we could do the same for user rights directly. That would result in poor UX (no way to stash POSTs like the special pages do, no way to create custom error messages (T180888)) but for a fallback mechanism (that is only supposed to be invoked when the interface-level permission checking had a gap) that should be all right.

We would need to differentiate between "user can do X now" and "user can do X after reauthentication" as permission checks are also used for generating edit links and such so currently if the system determines the user can't perform some action, the option perform it is not even presented.

Related Objects
Search...

Event Timeline

Tgr created this task.Jun 13 2018, 3:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 13 2018, 3:48 PM
Bawolff subscribed.Jun 13 2018, 4:38 PM

You would also have to be careful about the case where the right is just checked for asethic purposes (e.g. adding a link to the special page if the user has the right to do the action)

Tgr added a comment.Jun 13 2018, 4:39 PM

Good point, there would probably have to be two ways of checking permissions, "has right now" and "can obtain".

Vvjjkkii renamed this task from Tie certain user rights to elevated security to b3aaaaaaaa.Jul 1 2018, 1:04 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from b3aaaaaaaa to Tie certain user rights to elevated security.Jul 2 2018, 1:50 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.
CommunityTechBot added a subscriber: Aklapper.
Tgr added a parent task: T197160: All security-sensitive MediaWiki functionality should require elevated security.Aug 13 2018, 5:55 AM
Tgr mentioned this in T201784: Implement option "require two-factor authentication only for dangerous actions".Aug 13 2018, 6:01 AM
He7d3r subscribed.Aug 13 2018, 11:38 AM
TBolliger moved this task from Backlog to User rights on the MediaWiki-User-management board.Aug 17 2018, 6:45 PM
Phabricator_maintenance added a project: acl*security.Sep 20 2018, 9:15 AM
Xaosflux subscribed.Nov 23 2018, 5:53 AM
AfroThundr3007730 subscribed.Nov 26 2018, 12:52 AM
Tgr updated the task description. (Show Details)Dec 5 2018, 11:22 PM
Tgr mentioned this in T197160: All security-sensitive MediaWiki functionality should require elevated security.Dec 6 2018, 8:19 AM
Tgr mentioned this in T212639: Separate could do / can do / is doing permission checks in MediaWiki.Dec 27 2018, 8:09 AM
Tgr added a comment.Dec 27 2018, 8:11 AM
In T197136#4280122, @Bawolff wrote:

You would also have to be careful about the case where the right is just checked for asethic purposes (e.g. adding a link to the special page if the user has the right to do the action)

Filed as T212639: Separate could do / can do / is doing permission checks in MediaWiki.

BethNaught subscribed.Dec 28 2018, 7:09 PM
Izno subscribed.Dec 29 2018, 2:26 PM
Aklapper removed a project: Security-Core.Nov 27 2019, 12:42 PM
chasemp triaged this task as High priority.Dec 9 2019, 4:56 PM
chasemp added a project: Security.Feb 10 2020, 10:54 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:05 PM
DannyS712 subscribed.Jul 9 2020, 9:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits