opendev/gerrit
Code Issues Proposed changes

Remove the generateHttpPassword capability

Browse Source 
Remove the Generate HTTP Password capability because it exposes a
security vulnerability.  Any user that is granted this capability
can modify an administrator's http password and impersonate the
admin user.  Other reasons for removing this capability are that
the usage of it is inconsistent with the modifyAccount capability
and this capability encourages adding additional capabilities to
restrict permissions, which is not desired.

With this change only administrators are allowed to generate and
delete other users' http passwords.

The motivation behind this change is from comments in changes
Ib1971fad and If8296539.

Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8
This commit is contained in:
Khai Do
2014-09-25 13:59:28 -07:00
parent c563e98d9b
commit cf9bce2191
9 changed files with 5 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java
View File

@@ -61,9 +61,6 @@ public class GlobalCapability {
/** Can flush any cache except the active web_sessions cache. */
public static final String FLUSH_CACHES = "flushCaches";
/** Can generate HTTP passwords for user other than self. */
public static final String GENERATE_HTTP_PASSWORD = "generateHttpPassword";
/** Can terminate any task using the kill command. */
public static final String KILL_TASK = "killTask";
@@ -112,7 +109,6 @@ public class GlobalCapability {
NAMES_ALL.add(CREATE_PROJECT);
NAMES_ALL.add(EMAIL_REVIEWERS);
NAMES_ALL.add(FLUSH_CACHES);
NAMES_ALL.add(GENERATE_HTTP_PASSWORD);
NAMES_ALL.add(KILL_TASK);
NAMES_ALL.add(MODIFY_ACCOUNT);
NAMES_ALL.add(PRIORITY);