Fossil SCM
Assorted small improvements to admin-v-setup.md.
Commit
eadf2644e4b469805b4e274257459af01b14dd3a601c62dcf4533b17d65f57c4
Parent
7b58c6fddee3708…
1 file changed
+16
-11
| --- www/admin-v-setup.md | ||
| +++ www/admin-v-setup.md | ||
| @@ -105,12 +105,15 @@ | ||
| 105 | 105 | |
| 106 | 106 | * **Security audit**: The Admin → Security-Audit page runs several |
| 107 | 107 | tests on the Fossil repository's configuration, then reports |
| 108 | 108 | potential problems it found and offers canned solutions. Those |
| 109 | 109 | canned solutions do not do anything that an Admin-user could not do |
| 110 | - via other means. For example, this page's "Take it Private" feature | |
| 111 | - can also be done manually via Admin → Users. | |
| 110 | + via other means, so this page offers the Admin-only user no more | |
| 111 | + power than they otherwise had. For example, this page's "Take it | |
| 112 | + Private" feature can also be done manually via Admin → Users. This | |
| 113 | + page is a convenience, not a grant of new power to the Admin-only | |
| 114 | + user. | |
| 112 | 115 | |
| 113 | 116 | * **Logging**:<a id="log"></a> Admin-only users get to see the various |
| 114 | 117 | Fossil logs in case they need to use them to understand a problem |
| 115 | 118 | they're empowered to solve. An obvious example is a spam attack: the |
| 116 | 119 | Admin might want to find the user's last-used IP, see if they cloned |
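Review bot: the added text states the same point twice, on new lines 110–111 ("offers the Admin-only user no more power than they otherwise had") and again on new lines 113–114 ("a convenience, not a grant of new power to the Admin-only user"); keeping one of the two sentences would make the paragraph tighter without losing anything. Also, the unchanged line 109 says "Admin-user" while the added lines say "Admin-only user"; since the paragraph's whole point is that the page adds nothing beyond the Admin capability, using "Admin-only user" consistently would avoid a reader wondering whether two different roles are meant.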
| @@ -170,13 +173,13 @@ | ||
| 170 | 173 | status. Admin-only users cannot modify the email alerts setup, |
| 171 | 174 | but they can see some details about its configuration and |
| 172 | 175 | current status.</p> |
| 173 | 176 | |
| 174 | 177 | * <p>The `/urllist` page, which is a read-only page showing the |
| 175 | - ways the repository can be accessed and how it has been accessed in | |
| 176 | - the past. Logically, this is an extension to logging, [covered | |
| 177 | - below](#log).</p> | |
| 178 | + ways the repository can be accessed and how it has been accessed | |
| 179 | + in the past. Logically, this is an extension to logging, | |
| 180 | + [covered above](#log).</p> | |
| 178 | 181 | |
| 179 | 182 | * <p>The Fossil repository SQL schema. This is not particularly |
| 180 | 183 | sensitive information, since you get more or less the same |
| 181 | 184 | information when you clone the repository. It's restricted to |
| 182 | 185 | Admin because it's primarily useful in debugging SQL errors, |
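Review bot: the direction fix on new line 180 is correct: the `#log` anchor is set by `<a id="log"></a>` on the Logging bullet at new line 116 in the previous hunk, which precedes this `/urllist` bullet at new lines 177–180, so "covered above" now matches the document order. The rest of the hunk is a rewrap of the same three lines with no wording change, so nothing else needs attention here.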
| @@ -302,20 +305,22 @@ | ||
| 302 | 305 | SQL queries against the Fossil repository via Fossil UI. This not |
| 303 | 306 | only allows arbitrary ability to modify the repository blockchain |
| 304 | 307 | and its backing data tables, it can probably also be used to damage |
| 305 | 308 | the host such as via `PRAGMA temp_store = FILE`. |
| 306 | 309 | |
| 307 | -* **TH1**: The [TH1 language][TH1] is quite restricted relative to | |
| 308 | - Tcl, so this author does not believe there is a way to damage the | |
| 309 | - Fossil repository or its host via this feature. Nevertheless, | |
| 310 | - interpreters are a well-known source of security problems, so it | |
| 311 | - seems best to restrict this to Setup users only until we have a good | |
| 312 | - reason why Admin-only users should also have access to it. | |
| 310 | +* **TH1**: The [TH1 language][TH1] is quite restricted relative to the | |
| 311 | + Tcl language it descends from, so this author does not believe there | |
| 312 | + is a way to damage the Fossil repository or its host via the Admin → | |
| 313 | + TH1 feature, which allows exeuction of arbitrary TH1 code within the | |
| 314 | + repository's execution context. Nevertheless, interpreters are a | |
| 315 | + well-known source of security problems, so it seems best to restrict | |
| 316 | + this feature to Setup-only users as long as we lack a good reason | |
| 317 | + for Admin-only users to have access to it. | |
| 313 | 318 | |
| 314 | 319 | |
| 315 | 320 | [fcp]: https://fossil-scm.org/fossil/help?cmd=configuration |
| 316 | 321 | [forum]: https://fossil-scm.org/forum/ |
| 317 | 322 | [rs]: https://www.fossil-scm.org/index.html/doc/trunk/www/settings.wiki |
| 318 | 323 | [sia]: https://fossil-scm.org/fossil/artifact?udc=1&ln=1259-1260&name=0fda31b6683c206a |
| 319 | 324 | [th1]: https://www.fossil-scm.org/index.html/doc/trunk/www/th1.md |
| 320 | 325 | [tt]: https://en.wikipedia.org/wiki/Tiger_team#Security |
| 321 | 326 | [ucap]: https://fossil-scm.org/fossil/setup_ucap_list |
| 322 | 327 |
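Review bot: typo on new line 313, "exeuction" should be "execution". Separately, "Setup-only users" on new line 316 reads oddly beside the document's "Admin-only user" phrasing, where "-only" marks a user who holds that capability but not the higher one; Setup is the top capability, so the old wording on line 311 of the removed text, "Setup users only", said what is meant without that ambiguity. Suggest "restrict this feature to Setup users as long as we lack a good reason for Admin-only users to have access to it."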