Maniphest T19308

CentralAuth's global logs (gblrights/globalauth) should be global or central instead of local
Closed, DuplicatePublic
Actions

Assigned To

None

Authored By

	• bzimport
	Feb 2 2009, 12:25 AM

Description

Author: mike.lifeguard+bugs

Description:
To force stewards to make global group changes only from Meta instead of any wiki, please change the code to allow assigning 'globalgrouppermissions' as a local steward right instead of a global one. Currently it is forced to be a global right. This may be due to security concerns of which I am unaware, however stewards can now make changes to global group membership from anywhere, but they should only be made on Meta.

/extensions/CentralAuth/SpecialGlobalGroupPermissions.php
42 ## Permission MUST be gained from global rights.
43 return $globalUser->hasGlobalPermission( 'globalgrouppermissions' );

As well, the same for 'globalgroupmembership' and whatever the "edit wiki sets" right is called (I forget) if they are forced to be global rights as well (I couldn't immediately tell from the source code) for the same reason - membership in global groups should be changed and changing wiki sets should be done only from Meta.

Version: unspecified
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=29435
https://bugzilla.wikimedia.org/show_bug.cgi?id=43916

Details

Reference: bz17308

Related Objects

Mentioned In: T31435: CentralAuth's Special:GlobalGroupMembership setup catch-22

Event Timeline

• bzimport raised the priority of this task from to Low.Nov 21 2014, 10:29 PM

• bzimport added a project: MediaWiki-extensions-CentralAuth.

• bzimport set Reference to bz17308.

• bzimport added a subscriber: Unknown Object (MLST).

• bzimport created this task.Feb 2 2009, 12:25 AM

lilewyn wrote:

A user able to modify LocalSettings.php could likely modify migrateStewards.php also and defeat any use of these limits as a security feature. (see also http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=45262 )

It's mostly because it seemed "wrong" at the time to allow global changes to be made with local rights. I am aware that there are existing sections of code where this can occur, but I thought it sensible not to add one more.

I'm happy to be convinced the other way, though. What do others think?

mike.lifeguard+bugs wrote:

(In reply to comment #2)

It's mostly because it seemed "wrong" at the time to allow global changes to be
made with local rights. I am aware that there are existing sections of code
where this can occur, but I thought it sensible not to add one more.

I'm happy to be convinced the other way, though. What do others think?

I just don't understand how/why it "seemed wrong"... to allow global group changes to be made with local rights. As stated initially, this (erroneously) allows stewards to make such changes from any wiki - whereas they should be made only from Meta.

mike.lifeguard+bugs wrote:

*** Bug 14914 has been marked as a duplicate of this bug. ***

Doing that from any wiki means that stewards should have to check on each project Special:Log/gblrights if any steward has anywhere abused his rights. Quite a mess with currently more than 700 projects.

Ruslik00 wrote:

Instead of committing "a crime against Nature" by making global groups manageable as a local right, I would prefer to have truly global logs. Currently there are ~700 local (sic!) global logs, which defies the purpose of having global logs.

I've filed bug 29435 about a related issue -- having access to the global groups assignment controlled by a global group means that you can't really set the system *up* without manual DB intervention to put the first person in the first group.

Global logs would solve the root issue of this current bug (that local logs are hard to find because they're not centralized) but not that one.

Based on the comments above, I suspect that switching it to *allow* (not necessarily *require*) a local right *and* using global logs might be the best of all worlds.

Ruslik00 wrote:

So, I still do not understand, if this is difficult to switch to global logs?

So either:

A) global logging (in the centralauth database ?) which would be accessable from any wiki but only stored once;
or, B) global actions are logged to the logging table of the central wiki. Accessable from the central wiki (Meta-Wiki)

A) is nicer but could be too much work, don't know. B) sounds easy but requires a db-connection to be made to the central wiki and isn't really "global".