
makemysql: automatically update db password in wordpress #103

Open
dkess opened this issue Apr 1, 2019 · 8 comments
Comments

@dkess
Member

dkess commented Apr 1, 2019

If a user has a WordPress website set up and resets their database password, the site becomes completely unusable (even to go into settings and change it). Fixing it requires SSHing in and changing the password in the configuration file.

Luckily, we can automate this with wpcli. The makemysql script should also cd into the public_html folder and run wp config set DB_PASSWORD newpasswordgoeshere. It's OK if the command fails since that just means the user doesn't have a WordPress site.

@kpengboy
Member

kpengboy commented Apr 7, 2019

One must take into account security considerations too. Specifically, last time I checked, wp-cli operates by evaluating the WordPress PHP code, which is dangerous if the WordPress files have been compromised. We do not want makemysql to accidentally run malicious code.

@dkess
Member Author

dkess commented Apr 7, 2019

Good point. If the site is compromised, it is already able to run malicious code, so we just have to make sure that wpcli is run with the same permissions as the user.

@kpengboy
Member

kpengboy commented Apr 7, 2019

Still, though, I think people expect makemysql to be a "safe" command. Allowing it to execute arbitrary code, even as the same user, would still be a major change in the security model of this script.

@dkess
Member Author

dkess commented Apr 7, 2019

I don't see it as a change in security model at all. There are two cases:

  • The site is a regular WordPress site, in which case it works properly
  • The site is compromised, in which case it can run whatever code it wants, so interaction with this script doesn't matter

@kpengboy
Member

Still, I suppose there could, at least in principle, be an issue with makemysql triggering the execution of malicious code that could, for instance, detect when the database password is being changed through wp-cli and email the new password off to the attacker. Or something.

I would suggest putting the wp-cli stuff behind a command line option, or at least having an option to skip it.

@gundralaa
Contributor

Hi! snarain and I worked on a small commit to the initial makemysql script that creates a db pass and assigns it to a temp file that the makemysql-real python script reads. We can't run the modified python script due to privileges, but could someone look at our commit at
https://github.com/ocf/utils/tree/wp-automatic-db-pass

@dkess
Member Author

dkess commented Oct 5, 2019

Thanks for working on this! You should still be able to test the script locally by installing WordPress on your personal OCF account and running the script from your home directory.

nvmd, I'm wrong about this, can a root staffer please test this? I'll be out of town for the next week and don't expect to have the time to test this.

@cg505
Member

cg505 commented Dec 7, 2019

Done in #129, although we may want to polish some ends (like not failing when there's no wp installation)
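The thread settles on three constraints for the wp-cli step: it is opt-in (kpengboy), it runs with the site owner's permissions rather than root (dkess), and a missing WordPress install must not fail the password reset (cg505). The following is an added example sketching those constraints in Python; it is not code from ocf/utils or from #129, and the home-directory layout, the use of sudo -u, and the function names are assumptions.

```python
"""Opt-in wp-cli step for a makemysql-style password reset (illustrative, not ocf/utils code)."""
import os
import subprocess
from typing import List, Optional


def wp_password_update_argv(home: str, user: str, new_password: str,
                            enabled: bool) -> Optional[List[str]]:
    """Return the argv to run, or None when the wp-cli step should be skipped.

    Skipped when the caller did not opt in (the command-line option kpengboy
    suggests) or when public_html has no wp-config.php, so a plain MySQL user
    never causes any WordPress PHP to be evaluated.
    """
    if not enabled:
        return None
    wp_path = os.path.join(home, "public_html")  # assumed site location
    if not os.path.isfile(os.path.join(wp_path, "wp-config.php")):
        return None
    # wp-cli evaluates the site's own PHP (wp-config.php, core, and whatever
    # is loaded), so it must run as the site owner, never as the caller.
    # --skip-plugins/--skip-themes narrow what gets loaded but do not remove
    # the concern: wp-config.php and core still execute.
    return ["sudo", "-u", user, "--", "wp", "--path=" + wp_path,
            "--skip-plugins", "--skip-themes", "--quiet",
            "config", "set", "DB_PASSWORD", new_password]


def update_wp_db_password(home: str, user: str, new_password: str,
                          enabled: bool = False, timeout: int = 60) -> bool:
    """Best-effort update of DB_PASSWORD in wp-config.php via wp-cli.

    Returns True only when wp-cli reported success. Any failure (no wp on
    PATH, wp-cli error, timeout) returns False and is never raised, so the
    database password reset itself always completes.
    """
    argv = wp_password_update_argv(home, user, new_password, enabled)
    if argv is None:
        return False
    try:
        result = subprocess.run(argv, check=False, timeout=timeout,
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0
```

Note that the new password still appears in the wp process's argument list while it runs, so on a shared host the step is only as private as the system's process-list visibility.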
