
Remove option to unblock self
Closed, Declined (Public)

Description

Admins should never fight, and if they do fight, they certainly should
never get into blocking wars. Standard practice says that an admin should,
like anyone else, petition another admin to be unblocked if they believe
they were blocked unfairly. I would request that this be enforced at the
technical level by removing the option for an admin who is blocked to
unblock himself.

It may also be worth considering whether or not all of the sysop tools
should be disabled when an admin is blocked.


Version: unspecified
Severity: enhancement

Details

Reference
bz3072

Event Timeline

bzimport raised the priority of this task from to Lowest. (Nov 21 2014, 8:46 PM)
bzimport set Reference to bz3072.
bzimport added a subscriber: Unknown Object (MLST).

A couple major problems:

  • If a rogue admin blocks all other admins, no one else can recover
    without external assistance.

  • If a range or IP block accidentally hits an admin, the admin cannot
    recover. On a small wiki with a single admin this may be unrecoverable
    without interference in the database.

If there is a need to block a sysop, it would make sense to desysop that
account first.

en.ABCD wrote:

A third problem - if an admin wants to test using blocks, usually the admin will
simply test by blocking him- or herself.

ayg wrote:

*** Bug 9851 has been marked as a duplicate of this bug. ***

ayg wrote:

(In reply to comment bug 9851 comment #2)

Not to argue, but there is no difference between an admin blocking all and
acting unchecked, or unblocking himself repeatedly to do that. Except that only
one of them is likely to delete the main page or edit the sitenotice of a top 10
website with 100 other admins that it would be impossible to block, practically
speaking.

It would be quite easy to write a script to block every other admin on the site
at once. There are no restrictions on simultaneous blocks. Presumably to
compromise an account you need to be a script kiddie already, and any script
kiddie could block all other admins. A much more reasonable request is the
"sacrifice sysophood to desysop" idea, which permits the majority to immediately
deal with a rogue minority without giving the minority any substantial leeway
(desysopping a single user is not very disruptive at all compared to vandalism
of the main page or whatnot).

One option could be to allow a blocked admin to remove IP blocks and unblock others, but
not himself. For wikis with a nontrivial number of sysops that would allow cooperation to
overcome the "everyone gets blocked" issue, while still limiting the damage that could be
done by a single rogue account.
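
The trade-off between the options raised in this thread can be checked with a small model. This is an added example, not part of the original comments and not MediaWiki code: the policy names, `may_unblock` and `stuck_admins` are hypothetical, and only account blocks are modelled (IP and range blocks are left out).

```python
from enum import Enum

class Policy(Enum):
    SELF_UNBLOCK = "blocked admin may unblock anyone, including self"
    NO_TOOLS = "blocked admin may unblock no one"
    OTHERS_ONLY = "blocked admin may unblock others, but not self"

def may_unblock(policy, actor, target, blocked):
    """May admin `actor` lift the block on `target`, given the blocked set?"""
    if actor not in blocked:
        return True                    # unblocked admins keep their tools
    if policy is Policy.SELF_UNBLOCK:
        return True
    if policy is Policy.OTHERS_ONLY:
        return actor != target
    return False                       # NO_TOOLS

def stuck_admins(policy, helpers, blocked):
    """Admins still blocked once the cooperating `helpers` have done all
    they can, i.e. those needing external (database) assistance."""
    blocked = set(blocked)
    progress = True
    while progress:                    # repeat until nobody else can be freed
        progress = False
        for target in sorted(blocked):
            if any(may_unblock(policy, a, target, blocked) for a in helpers):
                blocked.discard(target)
                progress = True
                break
    return blocked

if __name__ == "__main__":
    # Constructed scenarios: every cooperating admin blocked by a rogue
    # account, and a single-admin wiki whose admin blocked themselves to test.
    scenarios = {
        "all admins blocked": {"A", "B", "C"},
        "lone admin blocked": {"Solo"},
    }
    for name, admins in scenarios.items():
        for policy in Policy:
            stuck = stuck_admins(policy, admins, admins)
            print(f"{name:20} {policy.name:13} stuck={sorted(stuck)}")
```

With several cooperating admins the "others only" rule recovers everyone, while a lone admin stays locked out under anything except self-unblock.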

ayg wrote:

It's simple for a script to block every admin on the wiki simultaneously. The
logic of a Perl script to do that, given a list of admins, would amount to
probably a few lines. You just need to send a couple hundred POSTs over the
course of half a second or whatever, and they should all go through without a
hitch. Resend every half-second for a few seconds if you're worried. And if
we're worried about compromised admin accounts, presumably they were compromised
by script kiddies who could easily write such a script.