[Bug 60289] New: C_FORCE_ROOT is bad, change pickle as serialization format for celery

bugzilla-daemon Tue, 21 Jan 2014 08:22:51 -0800

https://bugzilla.wikimedia.org/show_bug.cgi?id=60289


       Web browser: ---
            Bug ID: 60289
           Summary: C_FORCE_ROOT is bad, change pickle as serialization
                    format for celery
           Product: Analytics
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Wikimetrics
          Assignee: wikibugs-l@lists.wikimedia.org
          Reporter: dandree...@wikimedia.org
                CC: christ...@quelltextlich.at, dandree...@wikimedia.org,
                    dvanli...@gmail.com
    Classification: Unclassified
   Mobile Platform: ---

To fix a recent bug I had to upgrade celery.  But this highlighted that we have
a security issue due to Celery running as root and pickle being the default
serialization format.  We need to:

1. stop running Celery as root (configure upstart)
2. stop using pickle as the serialization format

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 60289] New: C_FORCE_ROOT is bad, change pickle as serialization format for celery

Reply via email to