[Labs-l] [tools] Security issue on replicated db's

Petr Bena benapetr at gmail.com
Mon Jun 24 15:27:00 UTC 2013


One more clarification, because this security issue is affecting users
only (not service groups which are project specific) only users had
their passwords changed, tools should have same

On Mon, Jun 24, 2013 at 5:14 PM, Petr Bena <benapetr at gmail.com> wrote:
> Hi,
>
> today I discovered with help of Coren that there was a security issue
> regarding replica.my.cnf, which could allow anyone who owns a project
> on labs to replicate the file for any user with same credentials as on
> tools project.
>
> Thanks to Coren this was swiftly fixed and thanks to my stupidity new
> passwords were enforced faster than we planned :-) so the security
> issue is resolved now and you all have fresh new replica.my.cnf on
> tools project with different password in order to make sure that
> nobody had their password revealed.
>
> Thanks for your understanding and apologies for all the inconveniences
> and crashed bots / tools. Let me know (or Coren) if anything didn't
> work



More information about the Labs-l mailing list