* teor wrote on 2017-08-07 at 08:39:
> On 7 Aug 2017, at 07:20, Jens Kubieziel maillist@kubieziel.de wrote:
>> https://trac.torproject.org/projects/tor/ticket/23120 and I set the maximum amount to 17 (chosen arbitrarily). When an account is locked an admin has to unlock it.
>
> Is it possible to lock out all the admins?

One can lock every account on trac. If an account is locked, a person with SSH access has to log in to the trac machine and reset the account. So every locked account can be reset.

So we lived with this risk in the last years and simply relied on the fact that people choose a secure (aka hard-to-guess) password. So we could just return to this state.

> Do we have a way of restoring from backups to the state before a TRAC_ADMIN compromise?

The trac machine is backed up and we could probably restore the data (assuming that the compromise didn't happen like ten years ago, the backup is OK, etc.).