Bug 1457574 - Commandeering revisions can potentially be abused
Status: NEW (open)
Opened 7 years ago, updated 1 year ago
Product/Component: Conduit :: Phabricator (enhancement, P3)
Tracking: not tracked
Reporter: gps; Assignee: unassigned
Keywords: conduit-triaged
Differential allows any user to "commandeer" a revision. This allows someone else to take ownership of that revision.
This feature is useful when, say, the original author has gone idle and someone else wishes to take over the development of a patch to move it forward. It allows you to retain all the history of a Differential revision (as opposed to creating a new revision and starting from a clean slate). I used it just now on D968 to abandon a revision authored by someone else that would never land.
But commandeering can be abused.
For example, if there is a contentious patch, someone could commandeer a revision and then mark it as abandoned as a show of disapproval. This would be highly disruptive, especially if you are playing whack-a-troll with a group of people doing this with throwaway accounts.
A more clever nefarious actor might use the Conduit API to iterate over all open differential revisions, commandeer them, then abandon them, etc. They could cause significant disruption if they did this on dozens or hundreds of active reviews.
I'm not sure what access control Phabricator provides, but it might be worthwhile to limit who can commandeer a revision in order to mitigate abuse vectors.
Comment 1 • 7 years ago (Mark Côté [:mcote])
Yeah, perhaps we need to restrict that (or maybe all actions) to members of BMO's editbugs group. It has a low barrier to entry but does lessen the potential for disruption by malicious users.
Keywords: conduit-triaged
Whiteboard: [phabricator-backlog]
Comment 2 • 7 years ago
(In reply to Mark Côté [:mcote] from comment #1)
> Yeah, perhaps we need to restrict that (or maybe all actions) to members of
> BMO's editbugs group. It has a low barrier to entry but does lessen the
> potential for disruption by malicious users.
Syncing BMO's editbugs group to a project and having that be part of the "Editable By" policy for all revisions makes a lot of sense to me. This should make it so only editbugs members can commandeer, as well as do all the other things around editing a revision. (Anyone can still edit their own revision, of course.)
Keywords: conduit-backlog
Whiteboard: [phabricator-backlog]
Keywords: conduit-backlog
Priority: -- → P3
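To make the two halves of this bug concrete, here is an added example (not code from the bug report, from Mozilla or from Phabricator) that models, in plain Python, the policy change comment 2 proposes and a detector for the mass commandeer-then-abandon pattern the description warns about. It models Phabricator's behaviour that commandeer requires edit permission on the revision while abandon is author-only, which is why the attack commandeers first. The project PHID `PHID-PROJ-editbugs`, the `Actor`/`Revision`/`Txn` records, the function names and the sample transaction log are all assumptions constructed for illustration, not Conduit API calls.

```python
"""
Added example, not Phabricator's code: a model of the "Editable By" policy fix
proposed in comment 2 (only the author or members of a project synced from BMO's
editbugs group may commandeer) and a detector for the mass commandeer-then-abandon
sweep described in the bug. All names and records below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical PHID of a Phabricator project kept in sync with BMO's editbugs group.
EDITBUGS = "PHID-PROJ-editbugs"
# Stand-in for Phabricator's built-in "All Users" policy (any logged-in account).
ALL_USERS = "users"

WEAK_POLICY = frozenset({ALL_USERS})      # the situation the bug describes
HARDENED_POLICY = frozenset({EDITBUGS})   # what comment 2 proposes


@dataclass
class Actor:
    name: str
    projects: frozenset = frozenset()     # project PHIDs the account belongs to


@dataclass
class Revision:
    id: str
    author: str
    edit_policy: frozenset
    status: str = "open"


def can_edit(actor: Actor, rev: Revision) -> bool:
    """The check commandeer goes through: the current author always passes;
    otherwise the actor must match a rule in the revision's Editable By policy."""
    if actor.name == rev.author or ALL_USERS in rev.edit_policy:
        return True
    return bool(actor.projects & rev.edit_policy)


def commandeer(actor: Actor, rev: Revision) -> None:
    if not can_edit(actor, rev):
        raise PermissionError(f"{actor.name} may not commandeer {rev.id}")
    rev.author = actor.name


def abandon(actor: Actor, rev: Revision) -> None:
    # Abandon is author-only, so a hostile actor must commandeer first.
    if actor.name != rev.author:
        raise PermissionError(f"{actor.name} is not the author of {rev.id}")
    rev.status = "abandoned"


def takeover_succeeds(attacker: Actor, rev: Revision) -> bool:
    """Run the commandeer-then-abandon sequence; True if the revision ends abandoned."""
    try:
        commandeer(attacker, rev)
        abandon(attacker, rev)
    except PermissionError:
        pass
    return rev.status == "abandoned"


@dataclass(frozen=True)
class Txn:
    ts: int            # unix time of the transaction
    actor: str
    revision: str
    action: str        # "commandeer", "abandon", ...
    prior_author: str  # revision author before this transaction


def flag_mass_commandeer(txns, window=3600, threshold=5):
    """Actors who commandeered at least `threshold` revisions they did not own
    inside any `window`-second span. Returns
    {actor: (max commandeers in one window, revisions abandoned after commandeering)}."""
    taken = defaultdict(list)      # actor -> timestamps of hostile commandeers
    owned = defaultdict(set)       # actor -> revisions they commandeered
    abandoned = defaultdict(int)
    for t in sorted(txns, key=lambda t: t.ts):
        if t.action == "commandeer" and t.actor != t.prior_author:
            taken[t.actor].append(t.ts)
            owned[t.actor].add(t.revision)
        elif t.action == "abandon" and t.revision in owned[t.actor]:
            abandoned[t.actor] += 1
    flagged = {}
    for actor, times in taken.items():
        best, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[actor] = (best, abandoned[actor])
    return flagged


# Constructed sample log: a throwaway account sweeps six open revisions within
# half a minute and abandons them; a legitimate contributor takes over one stale one.
SAMPLE_TXNS = (
    [Txn(1000 + i * 5, "troll", f"D{900 + i}", "commandeer", f"dev{i}") for i in range(6)]
    + [Txn(1100 + i * 5, "troll", f"D{900 + i}", "abandon", "troll") for i in range(6)]
    + [Txn(5000, "gps", "D968", "commandeer", "idle_author"),
       Txn(5060, "gps", "D968", "abandon", "gps")]
)

if __name__ == "__main__":
    throwaway = Actor("throwaway")
    print(takeover_succeeds(throwaway, Revision("D1", "alice", WEAK_POLICY)))      # True
    print(takeover_succeeds(throwaway, Revision("D1", "alice", HARDENED_POLICY)))  # False
    print(flag_mass_commandeer(SAMPLE_TXNS))                                       # {'troll': (6, 6)}
```

The policy model shows why restricting the Editable By policy helps: a throwaway account can complete the takeover under the all-users policy but not under the editbugs-project policy, while an editbugs member (or the revision's own author) still can. The detector is the kind of check that could run over exported transaction history to catch the scripted sweep even before the policy change lands; the threshold and window are tuning knobs, not values the page specifies.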