Sanity Check is too broadly accessible

RESOLVED FIXED in Bugzilla 2.22

Status

P2
major
RESOLVED FIXED
18 years ago
12 years ago

People

(Reporter: CodeMachine, Assigned: LpSolit)

Tracking

2.13
Bugzilla 2.22
Bug Flags:
approval +
blocking3.0 +
approval2.22 +
blocking2.22.2 -

Details

Attachments

(2 attachments)

(Reporter)

Description

18 years ago
We should introduce a new system group to allow administrators to specify who
can perform sanity checks.

In bug #54556 we did a bandaid and made sure you needed editbugs, but I don't
think this is sufficient long term.
(Reporter)

Updated

18 years ago
Depends on: 68022, 69616
Priority: -- → P2
Target Milestone: --- → Bugzilla 2.16
(Reporter)

Updated

18 years ago
No longer depends on: 69616
(Reporter)

Updated

18 years ago
No longer depends on: 68022
(Reporter)

Updated

18 years ago
Depends on: 68022, 69616
(Reporter)

Comment 1

18 years ago
Moving to new Bugzilla product ...
Assignee: tara → justdave
Component: Bugzilla → Administration
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → 2.13
We are currently trying to wrap up Bugzilla 2.16.  We are now close enough to
release time that anything that wasn't already ranked at P1 isn't going to make
the cut.  Thus this is being retargeted at 2.18.  If you strongly disagree with
this retargeting, please comment, however, be aware that we only have about 2
weeks left to review and test anything at this point, and we intend to devote
this time to the remaining bugs that were designated as release blockers.
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
(Reporter)

Updated

15 years ago
Severity: normal → enhancement
Enhancements which don't currently have patches on them which are targeted at
2.18 are being retargeted to 2.20 because we're about to freeze for 2.18. 
Consideration will be taken for moving items back to 2.18 on a case-by-case
basis (but is unlikely for enhancements).
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20
Bugzilla 2.20 feature set is now frozen as of 15 Sept 2004.  Anything flagged
enhancement that hasn't already landed is being pushed out.  If this bug is
otherwise ready to land, we'll handle it on a case-by-case basis, please set the
blocking2.20 flag to '?' if you think it qualifies.
Target Milestone: Bugzilla 2.20 → Bugzilla 2.22
Reassigning bugs that I'm not actively working on to the default component owner
in order to try to make some sanity out of my personal buglist.  This doesn't
mean the bug isn't being dealt with, just that I'm not the one doing it.  If you
are dealing with this bug, please assign it to yourself.
Assignee: justdave → administration
QA Contact: mattyt-bugzilla → default-qa
*** Bug 286346 has been marked as a duplicate of this bug. ***
We don't necessarily need a whole new group for sanitycheck, we could just
restrict it to the admin group.
Severity: enhancement → normal
Summary: New group for sanity check. → Sanity Check is too broadly accessible
Target Milestone: Bugzilla 2.22 → ---
(Assignee)

Comment 8

12 years ago
Since bug 277454, sanitycheck.cgi can alter the group_control_map table. Users with editbugs privs only shouldn't be allowed to alter this table at all!

Moving this bug to the security group until we upgrade, to avoid tempting users to do it on b.m.o.
Group: webtools-security
Severity: normal → major
Flags: blocking3.0?
Flags: blocking2.22.2?
This blocks 3.0 for the reasons that LpSolit explains. But we need to get 2.22.2 out fast (for MySQL 5.0.26 support), so we can't block that on this.
Flags: blocking3.0? → blocking3.0+
Flags: blocking2.22.2? → blocking2.22.2-
Target Milestone: --- → Bugzilla 2.22
(Assignee)

Comment 10

12 years ago
Created attachment 248743
patch for tip, v1

editcomponents privs seem the right compromise now.
Assignee: administration → LpSolit
Status: NEW → ASSIGNED
Attachment #248743 - Flags: review?(mkanat)
Attachment #248743 - Flags: review?(mkanat) → review+
(Assignee)

Comment 11

12 years ago
Created attachment 248774
backport for 2.22, v1
Attachment #248774 - Flags: review?(justdave)
(Assignee)

Updated

12 years ago
Flags: approval?
Flags: approval2.22?
Attachment #248774 - Flags: review?(justdave) → review+
(Assignee)

Updated

12 years ago
Keywords: relnote
Flags: approval? → approval+
Flags: approval2.22? → approval2.22+
(Assignee)

Comment 12

12 years ago
tip:

Checking in sanitycheck.cgi;
/cvsroot/mozilla/webtools/bugzilla/sanitycheck.cgi,v  <--  sanitycheck.cgi
new revision: 1.126; previous revision: 1.125
done

2.22.1:

Checking in sanitycheck.cgi;
/cvsroot/mozilla/webtools/bugzilla/sanitycheck.cgi,v  <--  sanitycheck.cgi
new revision: 1.110.2.2; previous revision: 1.110.2.1
done
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
(Assignee)

Comment 13

12 years ago
Now that we released 2.22.2 and 2.23.4, we can make this bug public.
Group: webtools-security
Added to the release notes as part of bug 349423.
Keywords: relnote