[checkmk-commits] 6710 SEC Limit crash reporting functionality to permitted users

Module: check_mk Branch: master Commit: c735f71c4c69c7f3bbd4cb091bd701225af3da56 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c735f71c4c69c7… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Tue Sep 25 13:49:17 2018 +0200 6710 SEC Limit crash reporting functionality to permitted users The crash reporting functionality of the GUI, which shows a lot of detailed information about the internal state of the GUI, has been limited to be shown only to permitted users. The crash report could be used by attackers to get internal information about the application state and secrets processed by the GUI. All not permitted users will now only see a short message about the occurred crash. Some more information is written to <tt>var/log/web.log</tt>. Only authenticated administrative users are allowed to see and submit crash reports by default. If you like to give all your users the right to see and send crash reports give them the permission "See crash reports" A problem with this change may be that some crashes occur only in very specific situations, for example for specific users. In such a case it may be hard to get detailed information about the situation when the crash reporting is not available. We plan to add an improved crash reporting in future versions to make all occurred crashes available to the Check_MK administrator for later debugging. CMK-1037 Change-Id: I7ba306a212572d513041607fb45bcac1dd697d68 --- .werks/6710 | 34 ++++++++++++++++++++++++++++++++++ cmk/gui/crash_reporting.py | 11 +++++++++++ cmk/gui/default_permissions.py | 7 +++++++ cmk/gui/plugins/views/icons/builtin.py | 5 +++++ web/app/index.wsgi | 11 +++++++++-- 5 files changed, 66 insertions(+), 2 deletions(-) diff --git a/.werks/6710 b/.werks/6710 new file mode 100644 index 0000000..4ea80ab --- /dev/null +++ b/.werks/6710 @@ -0,0 +1,34 @@ +Title: Limit crash reporting functionality to permitted users +Level: 1 +Component: multisite +Class: security +Compatible: compat +Edition: cre +State: unknown +Version: 1.6.0i1 +Date: 1537727939 + +The crash reporting functionality of the GUI, which shows a lot of detailed +information about the internal state of the GUI, has been limited to be shown +only to permitted users. + +The crash report could be used by attackers to get internal information about +the application state and secrets processed by the GUI. + +All not permitted users will now only see a short message about the occurred +crash. Some more information is written to <tt>var/log/web.log</tt>. + +Only authenticated administrative users are allowed to see and submit crash +reports by default. + +If you like to give all your users the right to see and send crash reports give +them the permission "See crash reports" + +A problem with this change may be that some crashes occur only in very specific +situations, for example for specific users. In such a case it may be hard to +get detailed information about the situation when the crash reporting is not +available. We plan to add an improved crash reporting in future versions to +make all occurred crashes available to the Check_MK administrator for later +debugging. + +CMK-1037 diff --git a/cmk/gui/crash_reporting.py b/cmk/gui/crash_reporting.py index 57d20d6..cfc1437 100644 --- a/cmk/gui/crash_reporting.py +++ b/cmk/gui/crash_reporting.py @@ -60,6 +60,17 @@ def page_gui_crash(): def page_crashed(what): + # Do not reveal crash context information to unauthenticated users or not permitted + # users to prevent disclosure of internal information + if not config.user.may("general.see_crash_reports"): + html.header(_("Internal error"), stylesheets=["status", "pages"]) + html.show_error("<b>%s:</b> %s" % (_("Internal error"), sys.exc_info()[1])) + html.p(_("An internal error occurred while processing your request. " + "You can report this issue to your Check_MK administrator. " + "Detailed information can be found in <tt>var/log/web.log</tt>.")) + html.footer() + return + if what == "check": site = html.var("site") host = html.var("host") diff --git a/cmk/gui/default_permissions.py b/cmk/gui/default_permissions.py index 3384ad0..9b68ef9 100644 --- a/cmk/gui/default_permissions.py +++ b/cmk/gui/default_permissions.py @@ -174,6 +174,13 @@ def load_plugins(force): _("Show the column for stale host and service checks in the tactical overview snapin."), [ "guest", "user", "admin" ]) + config.declare_permission("general.see_crash_reports", + _("See crash reports"), + _("In case an exception happens while Check_MK is running it may produce crash reports that you can " + "use to track down the issues in the code or send it as report to the Check_MK team to fix this issue " + "Only users with this permission are able to see the reports in the GUI."), + [ "admin" ]) + loaded_with_language = cmk.gui.i18n.get_current_language() diff --git a/cmk/gui/plugins/views/icons/builtin.py b/cmk/gui/plugins/views/icons/builtin.py index 4c00d5a..bd6032b 100644 --- a/cmk/gui/plugins/views/icons/builtin.py +++ b/cmk/gui/plugins/views/icons/builtin.py @@ -840,6 +840,11 @@ def paint_icon_crashed_check(what, row, tags, host_custom_vars): if what == "service" \ and row["service_state"] == 3 \ and "check failed - please submit a crash report!" in row["service_plugin_output"] : + + if not config.user.may("general.see_crash_reports"): + return 'crash', _("This check crashed. Please inform a Check_MK user that is allowed " + "to view and submit crash reports to the development team.") + crashurl = html.makeuri([("site", row["site"]), ("host", row["host_name"]), ("service", row["service_description"])], filename="crashed_check.py") diff --git a/web/app/index.wsgi b/web/app/index.wsgi index e0cc0d1..53244e4 100644 --- a/web/app/index.wsgi +++ b/web/app/index.wsgi @@ -71,8 +71,15 @@ class Application(object): # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. - h = cmk.gui.htmllib.html(self._request, self._response) - cmk.gui.globals.html.set_current(h) + try: + h = cmk.gui.htmllib.html(self._request, self._response) + cmk.gui.globals.html.set_current(h) + except Exception: + logger.exception("Failed to process request") + self._response.set_content_type("text/plain; charset=UTF-8") + self._response.write("Failed to process request. Have a look at 'var/log/web.log' " + "for more information.\n") + return self._process_request()