Module: check_mk
Branch: master
Commit: 7c63284af63ace69df349e4db90eeccc0409ee35
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7c63284af63ace…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Sep 24 09:47:19 2018 +0200
6711 SEC Change Check_MK site umask to prevent "world" access
To prevent Check_MK site files from being read by any local system user, the Check_MK
sites now have a umask of 0007 set.
The effect of this change is that new files and directories that are created in
the context of the site user are not accessible by "world" users. These are
local system users that are neither the site user nor members of the site
group.
If you don't like this, you can change the umask back to e.g. 0002 in the file
<tt>~/.profile</tt>.
Change-Id: I9a4a88b3de4937f2fa1fbaa18564930ee08e598a
---
.werks/6711 | 19 +++++++++++++++++++
omd/packages/omd/skel/.profile | 3 +++
2 files changed, 22 insertions(+)
diff --git a/.werks/6711 b/.werks/6711
new file mode 100644
index 0000000..5cbf180
--- /dev/null
+++ b/.werks/6711
@@ -0,0 +1,19 @@
+Title: Change Check_MK site umask to prevent "world" access
+Level: 1
+Component: omd
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1537775010
+Class: security
+
+To prevent Check_MK site files from being read by any local system user the Check_MK
+sites now have a umask of 0007 set.
+
+The effect of this change is that new files and directories that are created in
+the context of the site user are not accessible by "world" users. These are
+local system users that are neither the site user nor members of the site
+group.
+
+If you don't like this, you can change the umask back to e.g. 0002 in the file
+<tt>~/.profile</tt>.
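Review bot: `Compatible: compat` at the top of this werk is optimistic for a default umask change: any process running as another local user that reads files from the site directory loses read access to everything created after the update, which is exactly the behaviour the description announces. Either mark the werk incompatible or add a sentence pointing affected installations at the 0002 override the text already mentions, so the change is not a surprise after upgrading.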
diff --git a/omd/packages/omd/skel/.profile b/omd/packages/omd/skel/.profile
index 86d8a2c..18204c1 100644
--- a/omd/packages/omd/skel/.profile
+++ b/omd/packages/omd/skel/.profile
@@ -5,6 +5,9 @@ export OMD_ROOT=###ROOT###
PATH=$OMD_ROOT/local/bin:$OMD_ROOT/bin:$OMD_ROOT/local/lib/perl5/bin:$PATH
export LD_LIBRARY_PATH=$OMD_ROOT/local/lib:$OMD_ROOT/lib
+# Create files and directories not accessible for "world" by default
+umask 0007
+
# enable local perl env
export PERL5LIB="$OMD_ROOT/local/lib/perl5/lib/perl5:$OMD_ROOT/lib/perl5/lib/perl5:$PERL5LIB"
export PATH="$OMD_ROOT/lib/perl5/bin:$PATH"
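Review bot: `umask 0007` lands in the skeleton `.profile`, which is only read by login shells that source it, so anything started outside such a shell (cron entries, processes launched by the site's init scripts without a login shell) may keep the previous umask; verify those paths inherit the setting or set it there as well. Two further caveats worth a line in the werk: only newly created files are affected, existing world-readable files keep their mode until explicitly changed, and because this is a skel file an existing site only receives the line when the skeleton is merged during an update.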
Module: check_mk
Branch: master
Commit: c735f71c4c69c7f3bbd4cb091bd701225af3da56
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c735f71c4c69c7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Sep 25 13:49:17 2018 +0200
6710 SEC Limit crash reporting functionality to permitted users
The crash reporting functionality of the GUI, which shows a lot of detailed
information about the internal state of the GUI, has been limited to be shown
only to permitted users.
The crash report could be used by attackers to get internal information about
the application state and secrets processed by the GUI.
All non-permitted users will now only see a short message about the crash that
occurred. Some more information is written to <tt>var/log/web.log</tt>.
Only authenticated administrative users are allowed to see and submit crash
reports by default.
If you would like to give all your users the right to see and send crash reports, give
them the permission "See crash reports".
A problem with this change may be that some crashes occur only in very specific
situations, for example for specific users. In such a case it may be hard to
get detailed information about the situation when the crash reporting is not
available. We plan to add an improved crash reporting in future versions to
make all occurred crashes available to the Check_MK administrator for later
debugging.
CMK-1037
Change-Id: I7ba306a212572d513041607fb45bcac1dd697d68
---
.werks/6710 | 34 ++++++++++++++++++++++++++++++++++
cmk/gui/crash_reporting.py | 11 +++++++++++
cmk/gui/default_permissions.py | 7 +++++++
cmk/gui/plugins/views/icons/builtin.py | 5 +++++
web/app/index.wsgi | 11 +++++++++--
5 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/.werks/6710 b/.werks/6710
new file mode 100644
index 0000000..4ea80ab
--- /dev/null
+++ b/.werks/6710
@@ -0,0 +1,34 @@
+Title: Limit crash reporting functionality to permitted users
+Level: 1
+Component: multisite
+Class: security
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1537727939
+
+The crash reporting functionality of the GUI, which shows a lot of detailed
+information about the internal state of the GUI, has been limited to be shown
+only to permitted users.
+
+The crash report could be used by attackers to get internal information about
+the application state and secrets processed by the GUI.
+
+All not permitted users will now only see a short message about the occurred
+crash. Some more information is written to <tt>var/log/web.log</tt>.
+
+Only authenticated administrative users are allowed to see and submit crash
+reports by default.
+
+If you like to give all your users the right to see and send crash reports give
+them the permission "See crash reports"
+
+A problem with this change may be that some crashes occur only in very specific
+situations, for example for specific users. In such a case it may be hard to
+get detailed information about the situation when the crash reporting is not
+available. We plan to add an improved crash reporting in future versions to
+make all occurred crashes available to the Check_MK administrator for later
+debugging.
+
+CMK-1037
diff --git a/cmk/gui/crash_reporting.py b/cmk/gui/crash_reporting.py
index 57d20d6..cfc1437 100644
--- a/cmk/gui/crash_reporting.py
+++ b/cmk/gui/crash_reporting.py
@@ -60,6 +60,17 @@ def page_gui_crash():
def page_crashed(what):
+ # Do not reveal crash context information to unauthenticated users or not permitted
+ # users to prevent disclosure of internal information
+ if not config.user.may("general.see_crash_reports"):
+ html.header(_("Internal error"), stylesheets=["status", "pages"])
+ html.show_error("<b>%s:</b> %s" % (_("Internal error"), sys.exc_info()[1]))
+ html.p(_("An internal error occurred while processing your request. "
+ "You can report this issue to your Check_MK administrator. "
+ "Detailed information can be found in <tt>var/log/web.log</tt>."))
+ html.footer()
+ return
+
if what == "check":
site = html.var("site")
host = html.var("host")
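Review bot: the early-return branch for users lacking `general.see_crash_reports` still renders `sys.exc_info()[1]` through `html.show_error(...)`, so the exception message, which can carry file paths, variable values or fragments of the request, is still disclosed to exactly the users this change is meant to shield. Suggest showing only the generic paragraph and leaving the exception text to `var/log/web.log`, which the message already points at. The hunk also does not show the imports; confirm `sys` and `config` are imported in this module.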
diff --git a/cmk/gui/default_permissions.py b/cmk/gui/default_permissions.py
index 3384ad0..9b68ef9 100644
--- a/cmk/gui/default_permissions.py
+++ b/cmk/gui/default_permissions.py
@@ -174,6 +174,13 @@ def load_plugins(force):
_("Show the column for stale host and service checks in the tactical overview snapin."),
[ "guest", "user", "admin" ])
+ config.declare_permission("general.see_crash_reports",
+ _("See crash reports"),
+ _("In case an exception happens while Check_MK is running it may produce crash reports that you can "
+ "use to track down the issues in the code or send it as report to the Check_MK team to fix this issue "
+ "Only users with this permission are able to see the reports in the GUI."),
+ [ "admin" ])
+
loaded_with_language = cmk.gui.i18n.get_current_language()
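Review bot: the description string in the added `config.declare_permission("general.see_crash_reports", ...)` is missing a sentence break: the fragments `"...send it as report to the Check_MK team to fix this issue "` and `"Only users with this permission ..."` are concatenated, so the rendered text runs "fix this issue Only users". Suggest "... to fix this issue. Only users with this permission ..." and "send it as a report".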
diff --git a/cmk/gui/plugins/views/icons/builtin.py b/cmk/gui/plugins/views/icons/builtin.py
index 4c00d5a..bd6032b 100644
--- a/cmk/gui/plugins/views/icons/builtin.py
+++ b/cmk/gui/plugins/views/icons/builtin.py
@@ -840,6 +840,11 @@ def paint_icon_crashed_check(what, row, tags, host_custom_vars):
if what == "service" \
and row["service_state"] == 3 \
and "check failed - please submit a crash report!" in row["service_plugin_output"] :
+
+ if not config.user.may("general.see_crash_reports"):
+ return 'crash', _("This check crashed. Please inform a Check_MK user that is allowed "
+ "to view and submit crash reports to the development team.")
+
crashurl = html.makeuri([("site", row["site"]),
("host", row["host_name"]),
("service", row["service_description"])], filename="crashed_check.py")
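Review bot: `"general.see_crash_reports"` is now a bare string literal in three files (this icon painter, `crash_reporting.py` and `default_permissions.py`); a typo in any one copy would go unnoticed until the check misbehaves, so a shared constant referenced from all three would be safer. The added empty `+` line before the `if` carries no content and can be dropped.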
diff --git a/web/app/index.wsgi b/web/app/index.wsgi
index e0cc0d1..53244e4 100644
--- a/web/app/index.wsgi
+++ b/web/app/index.wsgi
@@ -71,8 +71,15 @@ class Application(object):
# Create an object that contains all data about the request and
# helper functions for creating valid HTML. Parse URI and
# store results in the request object for later usage.
- h = cmk.gui.htmllib.html(self._request, self._response)
- cmk.gui.globals.html.set_current(h)
+ try:
+ h = cmk.gui.htmllib.html(self._request, self._response)
+ cmk.gui.globals.html.set_current(h)
+ except Exception:
+ logger.exception("Failed to process request")
+ self._response.set_content_type("text/plain; charset=UTF-8")
+ self._response.write("Failed to process request. Have a look at 'var/log/web.log' "
+ "for more information.\n")
+ return
self._process_request()
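Review bot: the new `except Exception` branch writes a plain-text failure message, but the visible lines set no HTTP status, so unless `self._response` defaults to an error status the client gets the failure text with 200 OK; set an explicit 500 so browsers, proxies and monitoring treat it as an error. Logging the traceback with `logger.exception` while keeping it out of the response is the right split.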
Module: check_mk
Branch: master
Commit: cf4c8dad7211fd648f7ef5c5e3787990e17e28a3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cf4c8dad7211fd…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Sep 25 13:51:46 2018 +0200
6709 SEC Fixed possible information disclosure to apache log when editing users
An administrator has the ability to create new users. The credentials of a
newly created user were visible within the HTML of the resulting web page as
GET parameter of various hyperlinks. If one of these links was clicked, the
credentials were stored in the administrator’s browser history and in the
access logs of the server.
CMK-967
Change-Id: I1be7051d97756b1fd4135b032833df18de63eee5
---
.werks/6709 | 15 +++++++++++++++
cmk/gui/wato/__init__.py | 18 +++++++++---------
2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/.werks/6709 b/.werks/6709
new file mode 100644
index 0000000..222b4df
--- /dev/null
+++ b/.werks/6709
@@ -0,0 +1,15 @@
+Title: Fixed possible information disclosure to apache log when editing users
+Level: 1
+Component: wato
+Class: security
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1537538044
+
+An administrator has the ability to create new users. The credentials of a
+newly created user were visible within the HTML of the resulting web page as
+GET parameter of various hyperlinks. If one of these links was clicked, the
+credentials were stored in the administrator’s browser history and in the access
+logs of the server.
diff --git a/cmk/gui/wato/__init__.py b/cmk/gui/wato/__init__.py
index 100049d..474c151 100644
--- a/cmk/gui/wato/__init__.py
+++ b/cmk/gui/wato/__init__.py
@@ -9266,21 +9266,21 @@ class ModeEditUser(WatoMode):
# Authentication: Password or Secret
auth_method = html.var("authmethod")
if auth_method == "secret":
- secret = html.var("secret", "").strip()
+ secret = html.var("_auth_secret", "").strip()
user_attrs["automation_secret"] = secret
user_attrs["password"] = encrypt_password(secret)
increase_serial = True # password changed, reflect in auth serial
else:
- password = html.var("password_" + self._pw_suffix(), '').strip()
- password2 = html.var("password2_" + self._pw_suffix(), '').strip()
+ password = html.var("_password_" + self._pw_suffix(), '').strip()
+ password2 = html.var("_password2_" + self._pw_suffix(), '').strip()
# We compare both passwords only, if the user has supplied
# the repeation! We are so nice to our power users...
# Note: this validation is done before the main-validiation later on
# It doesn't make any sense to put this block into the main validation function
if password2 and password != password2:
- raise MKUserError("password2", _("The both passwords do not match."))
+ raise MKUserError("_password2", _("The both passwords do not match."))
# Detect switch back from automation to password
if "automation_secret" in user_attrs:
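Review bot: the fix in this hunk depends on an implicit convention that request variables with a leading underscore are left out of the URLs the page generates, and nothing here documents it; a short comment next to the renamed `_auth_secret` and `_password_` lookups explaining why the underscore matters would keep a later rename from quietly reintroducing the leak. While touching the `raise MKUserError("_password2", ...)` line, the message "The both passwords do not match." could become "The two passwords do not match."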
@@ -9463,14 +9463,14 @@ class ModeEditUser(WatoMode):
html.open_td()
if not self._is_locked('password'):
- html.password_input("password_" + self._pw_suffix(), autocomplete="new-password")
+ html.password_input("_password_" + self._pw_suffix(), autocomplete="new-password")
html.close_td()
html.close_tr()
html.open_tr()
html.td(_("repeat:"))
html.open_td()
- html.password_input("password2_" + self._pw_suffix(), autocomplete="new-password")
+ html.password_input("_password2_" + self._pw_suffix(), autocomplete="new-password")
html.write_text(" (%s)" % _("optional"))
html.close_td()
html.close_tr()
@@ -9486,8 +9486,8 @@ class ModeEditUser(WatoMode):
html.write_text(_("Not permitted to change the password. Change can not be enforced."))
else:
html.i(_('The password can not be changed (It is locked by the user connector).'))
- html.hidden_field('password', '')
- html.hidden_field('password2', '')
+ html.hidden_field('_password', '')
+ html.hidden_field('_password2', '')
html.close_td()
html.close_tr()
@@ -9498,7 +9498,7 @@ class ModeEditUser(WatoMode):
_("Automation secret for machine accounts"))
html.open_ul()
- html.text_input("secret", self._user.get("automation_secret", ""), size=30,
+ html.text_input("_auth_secret", self._user.get("automation_secret", ""), size=30,
id_="automation_secret")
html.write_text(" ")
html.open_b(style=["position: relative", "top: 4px;"])
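Review bot: renaming the field to `_auth_secret` keeps the secret out of generated links, but `html.text_input("_auth_secret", self._user.get("automation_secret", ""), ...)` still pre-fills the input with the stored secret, so it remains in the rendered HTML and in anything that captures or caches the page. Consider rendering an empty field and only replacing the stored secret when a new value is submitted.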
Module: check_mk
Branch: master
Commit: 387c42b2a6593c81d6c404ad71a022c9a27e72cc
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=387c42b2a6593c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 21 19:05:35 2018 +0200
mkbackup: Do not fail when liveproxyd state file is currently being written
Change-Id: I1fe287fc859daaae649c06ae366df7d680ebd007
---
omd/packages/omd/omd | 1 +
1 file changed, 1 insertion(+)
diff --git a/omd/packages/omd/omd b/omd/packages/omd/omd
index a4daa44..f9c78bb 100644
--- a/omd/packages/omd/omd
+++ b/omd/packages/omd/omd
@@ -3543,6 +3543,7 @@ def backup_site_files_to_tarfile(tar, options):
# exclude all temporary files that are created during cmk.store writes
exclude.append("*.mk.new*")
+ exclude.append("var/log/.liveproxyd.state.new*")
def filter_files(filename):
for glob_pattern in exclude:
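Review bot: the new exclude `var/log/.liveproxyd.state.new*` addresses one race, but the line above it already handles `*.mk.new*` generically, and any other state file written with the same temp-file-then-rename pattern will hit the same failure. Consider a broader pattern such as `*.state.new*`, or better, having `filter_files` tolerate files that disappear between listing and reading instead of enumerating each one.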