Closed
Bug 291888
Opened 20 years ago
Closed 8 years ago
Bonsai doesn't verify that checkin emails came from the live cvs repo
Categories
(Webtools Graveyard :: Bonsai, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: chase, Assigned: tara)
Details
Attachments
(1 file): 1.93 KB, patch
roc was able to send mail to the bonsai store on accident by committing to a
local copy of the repository. Aside from the obvious ("THIS SHOULD NOT BE
POSSIBLE"), we need to scrub rocallahan's commit from bonsai's memory.
His commit can be seen at:
http://bonsai.mozilla.org/showcheckins.cgi?person=rocallahan
Since roc could do this, it's possible someone has done this before, as well.
The proper thing to do is to wipe the DB and rebuild the database using bonsai's
scripts. The downside is that's a chunk of black magic and we'd be dabbling in
the core of what makes us tick. Yuck.
Assignee: chase → justdave
Component: Bonsai → Server Operations
Product: Webtools → mozilla.org
QA Contact: timeless → myk
Version: Trunk → other
Thanks to bz and timeless, the bonsai records have been scrubbed. But we should still have bugs about fixing the access control and possibly rebuilding bonsai. Maybe after FF 1.1 has shipped...
fwiw the bonsai magic we used is fairly public and fairly tested (mostly by me on the live bonsai). specifically a second commit to the same version clobbers the old record, so we didn't really have to do anything (since roc was going to commit the same stuff later). and bz's magic removed half of the association. i need a bug about the fact that the remove stuff didn't actually delete the file version records...
Comment 3•20 years ago
rebuilding the database takes about 10 hours. I know because I just did it about 2 months ago. It can be done in pieces. It's recently been fixed so you can do it a directory at a time. bonsai not attempting to verify the source of the email is a major problem IMO.
Updated•20 years ago
Assignee: justdave → tara
Component: Server Operations → Bonsai
Product: mozilla.org → Webtools
QA Contact: myk → timeless
Hardware: PC → All
Summary: purge rocallahan's commit from bonsai's record → Bonsai doesn't verify that checkin emails came from the live cvs repo
Comment 4•20 years ago
This can be dealt with on cvs-www via the fix already checked in on bug 244801, except that fix only works if the cvs repo and bonsai are on the same physical machine. Bug 200798 offers a way to communicate via HTTP instead of email (which could possibly be authenticated).
Here's an untested patch to add basic token functionality. The check for the Bonsai-Token header could be more robust. And we should probably figure out how to generate a random token string upon 'make install' since it doesn't matter what the token is as long as it's the same in dolog.pl & handleCheckinMail.pl.
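The shared-token scheme proposed in the comment above, sketched in Python as an added example (it is not the attached patch and not Bonsai's Perl code). The function names, the 256-bit hex token and the sample mail layout are assumptions made for illustration.

```python
import hmac
import secrets
from email import message_from_string

TOKEN_HEADER = "Bonsai-Token"  # header name taken from the comment above


def generate_token() -> str:
    """Install-time step: 256 bits from the OS CSPRNG, hex-encoded."""
    return secrets.token_hex(32)


def build_checkin_mail(token: str, body: str) -> str:
    """Sender side (the role dolog.pl plays): stamp the shared token on the mail.

    The subject line and layout are constructed sample values.
    """
    return f"Subject: cvs checkin\n{TOKEN_HEADER}: {token}\n\n{body}\n"


def verify_checkin_mail(raw: str, expected: str) -> bool:
    """Receiver side (the role handleCheckinMail.pl plays)."""
    if not expected:
        # An unconfigured token must never match an empty header value.
        return False
    values = message_from_string(raw).get_all(TOKEN_HEADER, [])
    if len(values) != 1:
        # Missing header, or several competing ones: reject outright.
        return False
    presented = str(values[0]).strip()
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    token = generate_token()
    genuine = build_checkin_mail(token, "constructed checkin record")
    forged = "Subject: cvs checkin\n\nconstructed checkin record\n"
    print("genuine accepted:", verify_checkin_mail(genuine, token))
    print("forged accepted:", verify_checkin_mail(forged, token))
```

A static token is a bearer secret: anyone who can read a checkin mail in transit or in the mail spool can reuse it, so this check mainly stops senders that do not hold the live server's configuration, such as a local copy of the repository.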
Updated•18 years ago
QA Contact: timeless → bonsai
Comment 6•8 years ago
Bonsai was decommissioned, closing all remaining bugs "wontfix"
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated•8 years ago
Product: Webtools → Webtools Graveyard