Page MenuHomePhabricator
Create Task
Maniphest T102647

Add Wikipedia Northern Luri and Wikipedia Goan Konkani to labs replicas
Closed, ResolvedPublic
Actions

Description

Database names:

gomwiki: T96468
lrcwiki: T102026

Details

SubjectRepoBranchLines /-
toollabs: Add gomwiki and lrcwiki db hosts file entriesoperations/puppetproduction 1 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

jcrespo created this task.Jun 16 2015, 4:52 PM
jcrespo raised the priority of this task from to Needs Triage.
jcrespo updated the task description. (Show Details)
jcrespo added projects: DBA, Cloud-Services.
jcrespo subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 16 2015, 4:52 PM
jcrespo updated the task description. (Show Details)Jun 16 2015, 4:53 PM
jcrespo set Security to None.
Krenair subscribed.Jun 16 2015, 4:57 PM
jcrespo moved this task from Triage to Blocked external/Not db team on the DBA board.Jun 18 2015, 10:11 AM
jcrespo triaged this task as Low priority.Jun 18 2015, 10:18 AM
Krenair added a parent task: T103794: add domain alias gomwiki.labsdb and lrcwiki.labsdb for s3.labsdb.Jun 25 2015, 2:53 PM
Krenair mentioned this in T103794: add domain alias gomwiki.labsdb and lrcwiki.labsdb for s3.labsdb.
gerritbot subscribed.Jun 26 2015, 3:06 AM

Change 221045 had a related patch set uploaded (by Alex Monk):
toollabs: Add gomwiki and lrcwiki db hosts file entries

https://gerrit.wikimedia.org/r/221045

gerritbot added a project: Patch-For-Review.Jun 26 2015, 3:06 AM

Change 221045 merged by coren:
toollabs: Add gomwiki and lrcwiki db hosts file entries

https://gerrit.wikimedia.org/r/221045

Krenair mentioned this in rOPUP690c09b7078e: toollabs: Add gomwiki and lrcwiki db hosts file entries.Jun 26 2015, 3:09 AM
Krenair closed this task as Resolved.Jun 26 2015, 3:09 AM
Krenair claimed this task.
jcrespo reopened this task as Open.Jun 26 2015, 6:20 AM

Databases have not yet been sanitized.

jcrespo claimed this task.Jun 26 2015, 6:20 AM
jcrespo moved this task from Blocked external/Not db team to In progress on the DBA board.Jun 26 2015, 6:58 AM
jcrespo closed this task as Resolved.Jun 26 2015, 8:12 AM

Sanitization done.

Krenair added a comment.Jun 26 2015, 11:31 AM

How were they available to labs users on labsdb1003 then?

jcrespo added a comment.Jun 26 2015, 11:34 AM

@Krenair Care to elaborate? Are you saying that they were available and they should not or the other way round?

Krenair added a comment.Jun 26 2015, 11:58 AM

Before we made the hosts change, I checked to see if I could connect to gomwiki_p and lrcwiki_p via mysql --defaults-file=replica.my.cnf -h labsdb1003.eqiad.wmnet on tools-login. I could, so I uploaded the host file change.

jcrespo added a subscriber: coren.EditedJun 26 2015, 12:15 PM

@Krenair Yes, @coren may have added the wikis and perform the second-pass filtering/privilege control at labs side.

As we do not trust that to be effective, we do a first pass sanitization before reaching labs on db1069 - sanitarium. This should have been done first.

While in practice no private data was shared at any time, (and worst case scenario -a 0day- only the emails or blocks of the first users of a recently created wiki will be leaked to labs users, never the hashed passwords) I consider the full process broken and as I say in other tickets, a potential security issue that has to be fully audited, re-evaluated and automatically checked. It should be brought down and set up from 0. It should be opt-in and not opt-out. As of now, let's continue putting patches with the current system. Until something like T101758 bite us.

Mjbmr mentioned this in T106305: Create Wikipedia South Azerbaijani.Jul 23 2015, 4:37 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits