Module: check_mk
Branch: master
Commit: c735f71c4c69c7f3bbd4cb091bd701225af3da56
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c735f71c4c69c7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Sep 25 13:49:17 2018 +0200
6710 SEC Limit crash reporting functionality to permitted users
The crash reporting functionality of the GUI, which shows a lot of detailed
information about the internal state of the GUI, has been limited to be shown
only to permitted users.
The crash report could be used by attackers to get internal information about
the application state and secrets processed by the GUI.
All users without this permission will now only see a short message about the crash that
occurred. Some more information is written to <tt>var/log/web.log</tt>.
Only authenticated administrative users are allowed to see and submit crash
reports by default.
If you like to give all your users the right to see and send crash reports give
them the permission "See crash reports"
A problem with this change may be that some crashes occur only in very specific
situations, for example for specific users. In such a case it may be hard to
get detailed information about the situation when the crash reporting is not
available. We plan to add an improved crash reporting in future versions to
make all occurred crashes available to the Check_MK administrator for later
debugging.
CMK-1037
Change-Id: I7ba306a212572d513041607fb45bcac1dd697d68
---
.werks/6710 | 34 ++++++++++++++++++++++++++++++++++
cmk/gui/crash_reporting.py | 11 +++++++++++
cmk/gui/default_permissions.py | 7 +++++++
cmk/gui/plugins/views/icons/builtin.py | 5 +++++
web/app/index.wsgi | 11 +++++++++--
5 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/.werks/6710 b/.werks/6710
new file mode 100644
index 0000000..4ea80ab
--- /dev/null
+++ b/.werks/6710
@@ -0,0 +1,34 @@
+Title: Limit crash reporting functionality to permitted users
+Level: 1
+Component: multisite
+Class: security
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1537727939
+
+The crash reporting functionality of the GUI, which shows a lot of detailed
+information about the internal state of the GUI, has been limited to be shown
+only to permitted users.
+
+The crash report could be used by attackers to get internal information about
+the application state and secrets processed by the GUI.
+
+All not permitted users will now only see a short message about the occurred
+crash. Some more information is written to <tt>var/log/web.log</tt>.
+
+Only authenticated administrative users are allowed to see and submit crash
+reports by default.
+
+If you like to give all your users the right to see and send crash reports give
+them the permission "See crash reports"
+
+A problem with this change may be that some crashes occur only in very specific
+situations, for example for specific users. In such a case it may be hard to
+get detailed information about the situation when the crash reporting is not
+available. We plan to add an improved crash reporting in future versions to
+make all occurred crashes available to the Check_MK administrator for later
+debugging.
+
+CMK-1037
diff --git a/cmk/gui/crash_reporting.py b/cmk/gui/crash_reporting.py
index 57d20d6..cfc1437 100644
--- a/cmk/gui/crash_reporting.py
+++ b/cmk/gui/crash_reporting.py
@@ -60,6 +60,17 @@ def page_gui_crash():
def page_crashed(what):
+ # Do not reveal crash context information to unauthenticated users or not permitted
+ # users to prevent disclosure of internal information
+ if not config.user.may("general.see_crash_reports"):
+ html.header(_("Internal error"), stylesheets=["status",
"pages"])
+ html.show_error("<b>%s:</b> %s" % (_("Internal
error"), sys.exc_info()[1]))
+ html.p(_("An internal error occurred while processing your request. "
+ "You can report this issue to your Check_MK administrator. "
+ "Detailed information can be found in
<tt>var/log/web.log</tt>."))
+ html.footer()
+ return
+
if what == "check":
site = html.var("site")
host = html.var("host")
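Review bot: The branch for users without the permission still renders `sys.exc_info()[1]` in the show_error call, so the exception message itself (which can carry file paths or request values) reaches exactly the users this commit means to shield; the line should read `html.show_error(_("Internal error"))` and leave the detail to web.log. For the `what == "check"` path, reached via crashed_check.py rather than from an exception in flight, `sys.exc_info()[1]` is presumably `None` and the page would print "Internal error: None", which the generic message also avoids. Whether `html.show_error` escapes its argument and whether `sys` is imported in this module are not visible in the hunk and should be confirmed. page_crashed's body continues past the hunk.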
diff --git a/cmk/gui/default_permissions.py b/cmk/gui/default_permissions.py
index 3384ad0..9b68ef9 100644
--- a/cmk/gui/default_permissions.py
+++ b/cmk/gui/default_permissions.py
@@ -174,6 +174,13 @@ def load_plugins(force):
_("Show the column for stale host and service checks in the tactical
overview snapin."),
[ "guest", "user", "admin" ])
+ config.declare_permission("general.see_crash_reports",
+ _("See crash reports"),
+ _("In case an exception happens while Check_MK is running it may produce
crash reports that you can "
+ "use to track down the issues in the code or send it as report to the
Check_MK team to fix this issue "
+ "Only users with this permission are able to see the reports in the
GUI."),
+ [ "admin" ])
+
loaded_with_language = cmk.gui.i18n.get_current_language()
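Review bot: The description of the new permission is missing the sentence break between "to fix this issue" and "Only users with this permission", so the help text shown in the permission editor runs the two sentences together; the fragment should end `"... to fix this issue. "`. Since this string is user-visible, the period matters more than in a code comment.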
diff --git a/cmk/gui/plugins/views/icons/builtin.py
b/cmk/gui/plugins/views/icons/builtin.py
index 4c00d5a..bd6032b 100644
--- a/cmk/gui/plugins/views/icons/builtin.py
+++ b/cmk/gui/plugins/views/icons/builtin.py
@@ -840,6 +840,11 @@ def paint_icon_crashed_check(what, row, tags, host_custom_vars):
if what == "service" \
and row["service_state"] == 3 \
and "check failed - please submit a crash report!" in
row["service_plugin_output"] :
+
+ if not config.user.may("general.see_crash_reports"):
+ return 'crash', _("This check crashed. Please inform a Check_MK
user that is allowed "
+ "to view and submit crash reports to the development
team.")
+
crashurl = html.makeuri([("site", row["site"]),
("host", row["host_name"]),
("service",
row["service_description"])], filename="crashed_check.py")
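Review bot: The permission name `"general.see_crash_reports"` is now a bare string literal in this file, in crash_reporting.py and in default_permissions.py; a typo in any one of them would likely make the check deny silently or register a permission nobody consults. Declaring it once, e.g. `PERMISSION_SEE_CRASH_REPORTS = "general.see_crash_reports"` next to the declare_permission call, and importing it here and in page_crashed keeps the three places in step. The enclosing `if what == "service"` condition starts before the added lines and paint_icon_crashed_check continues past the hunk.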
diff --git a/web/app/index.wsgi b/web/app/index.wsgi
index e0cc0d1..53244e4 100644
--- a/web/app/index.wsgi
+++ b/web/app/index.wsgi
@@ -71,8 +71,15 @@ class Application(object):
# Create an object that contains all data about the request and
# helper functions for creating valid HTML. Parse URI and
# store results in the request object for later usage.
- h = cmk.gui.htmllib.html(self._request, self._response)
- cmk.gui.globals.html.set_current(h)
+ try:
+ h = cmk.gui.htmllib.html(self._request, self._response)
+ cmk.gui.globals.html.set_current(h)
+ except Exception:
+ logger.exception("Failed to process request")
+ self._response.set_content_type("text/plain; charset=UTF-8")
+ self._response.write("Failed to process request. Have a look at
'var/log/web.log' "
+ "for more information.\n")
+ return
self._process_request()
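Review bot: The new except branch writes a plain-text failure body but does not set an error status, so if the response object defaults to 200 the client and any upstream monitoring will record a successful request for what is actually a server-side failure; a 500 status should be set on `self._response` before the write, using whatever status setter the response class provides (not visible here). The broad `except Exception` is acceptable at this boundary because `logger.exception` preserves the traceback in web.log. Whether `logger` is defined in index.wsgi is not visible in the hunk. The enclosing Application method starts before and continues after the hunk.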