Lock down some config options

Authored by epriestley <git@epriestley.com> on May 1 2014, 19:23.

Description

Lock down some config options

Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  • Fix some typos.
  • Lock down some options which would potentially let a rogue administrator do something sketchy.
    • Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    • Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:

  • Read through config options.
  • Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928

Details

Committed: epriestley <git@epriestley.com>, May 1 2014, 19:23
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH68023e64a922: Document multi-factor authentication
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH7145587df7fb: Lock down some config options (authored by epriestley <git@epriestley.com>). May 1 2014, 19:23