git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/vulnerabilities.cgi
2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
24 # Enable the following only while debugging.
# CGI::Carp's fatalsToBrowser echoes fatal Perl errors to the HTTP client,
# which discloses script internals; keep it commented out in production.
26 #use CGI::Carp 'fatalsToBrowser';
# Shared IPFire helper files, loaded by path at run time. The General::,
# Lang:: and Header:: names used in this script are presumably defined there
# (their source is not part of this listing).
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
# Display labels for the CPU vulnerabilities listed on this page.
# Each key is used further down as a file name under
# /sys/devices/system/cpu/vulnerabilities/ (see check_status); each value is
# the translated name followed by the related CVE ids.
# The keys are fixed strings, so in the code visible here the sysfs path
# built from them never contains request data.
32 my %VULNERABILITIES = (
33 "itlb_multihit" => "$Lang::tr{'itlb multihit'} (CVE-2018-12207)",
34 "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)",
35 "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
36 "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
37 "mmio_stale_data" => "$Lang::tr{'mmio stale data'} (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166)",
38 "retbleed" => "$Lang::tr{'retbleed'} (CVE-2022-29900, CVE-2022-29901)",
39 "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
40 "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
41 "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
42 "srbds" => "$Lang::tr{'srbds'} (CVE-2020-0543)",
43 "tsx_async_abort" => "$Lang::tr{'taa zombieload2'} (CVE-2019-11135)",
# Error text shown to the user; stays empty unless validation fails below.
46 my $errormessage = "";
49 my %mainsettings = ();
# Load the system-wide settings and the theme colours via General::readhash.
51 &General
::readhash
("${General::swroot}/main/settings", \
%mainsettings);
52 &General
::readhash
("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \
%color);
# Default for the SMT switch. The declaration of the hash this entry belongs
# to is not visible in this listing.
55 "ENABLE_SMT" => "auto",
# The stored security settings are read into %settings first.
57 &General
::readhash
("${General::swroot}/main/security", \
%settings);
59 &Header
::showhttpheaders
();
# Header::getcgihash is then handed the same hash.
# NOTE(review): presumably this overlays the submitted form fields onto
# %settings (ACTION is read from it right after). From here on, treat the
# hash as request-controlled until validated, and confirm what filtering
# getcgihash applies to keys and values.
61 &Header
::getcgihash
(\
%settings);
# Handle a submitted "save" request.
63 if ($settings{'ACTION'} eq $Lang::tr
{'save'}) {
# Allow-list check on the only field this page expects.
# NOTE(review): with ^...$ Perl's $ also matches before a trailing newline,
# so "on\n" passes this check; \A(?:auto|on)\z would match exactly.
64 if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) {
65 $errormessage = $Lang::tr
{'invalid input'};
68 unless ($errormessage) {
# NOTE(review): the whole %settings hash is written, but only ENABLE_SMT was
# validated above. Whether getcgihash or writehash drop unexpected keys
# cannot be seen from this listing -- confirm, or write only ENABLE_SMT.
69 &General
::writehash
("${General::swroot}/main/security", \
%settings);
70 $notice = $Lang::tr
{'please reboot to apply your changes'};
# Pre-select the radio button for the current value. A rejected value only
# creates an extra key here: the form below reads just the 'auto' and 'on'
# entries, so the raw value is not echoed through %checked.
75 $checked{'ENABLE_SMT'}{'auto'} = '';
76 $checked{'ENABLE_SMT'}{'on'} = '';
77 $checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";
# Page frame, titled with the translated page name.
79 &Header
::openpage
($Lang::tr
{'processor vulnerability mitigations'}, 1, '');
81 &Header
::openbigbox
("100%", "left", "", $errormessage);
# Error box. $errormessage is interpolated into HTML without escaping; in
# the lines visible here it only ever holds "" or a %Lang::tr string, never
# request data. Keep it that way, or escape it if that ever changes.
84 &Header
::openbox
('100%', 'left', $Lang::tr
{'error messages'});
85 print "<font color='red'>$errormessage</font>";
# Notice box. The same applies to $notice, which is assigned only from
# %Lang::tr in the visible code.
90 &Header
::openbox
('100%', 'left', $Lang::tr
{'notice'});
91 print "<font color='red'>$notice</font>";
# Box holding the vulnerability status table; the table header follows.
95 &Header
::openbox
('100%', 'center', $Lang::tr
{'processor vulnerability mitigations'});
98 <table class="tbl" width='100%'>
102 <strong>$Lang::tr{'vulnerability'}</strong>
105 <strong>$Lang::tr{'status'}</strong>
# One table row per known vulnerability, in sorted key order.
# check_status supplies a verdict and a detail text. Both are presumably
# read from the sysfs file that sub opens, and both are printed further down
# without HTML escaping. That is acceptable only while the source stays
# kernel-provided text rather than request data.
113 for my $vuln (sort keys %VULNERABILITIES) {
114 my ($status, $message) = &check_status
($vuln);
119 my $status_message = "";
# Map the verdict to a translated label and a cell colour.
122 if ($status eq "Not affected") {
123 $status_message = $Lang::tr
{'not affected'};
125 $bgcolour = ${Header
::colourgreen
};
128 } elsif ($status eq "Vulnerable") {
129 $status_message = $Lang::tr
{'vulnerable'};
131 $bgcolour = ${Header
::colourred
};
134 } elsif ($status eq "Mitigation") {
135 $status_message = $Lang::tr
{'mitigated'};
137 $bgcolour = ${Header
::colourblue
};
139 # Unknown report from kernel: show the raw status text on yellow
141 $status_message = $status;
143 $bgcolour = ${Header
::colouryellow
};
# Alternate the row background between two theme colours.
146 my $table_colour = ($id++ % 2) ?
$color{'color22'} : $color{'color20'};
149 <tr bgcolor="$table_colour">
151 <strong>$VULNERABILITIES{$vuln}</strong>
154 <td bgcolor="$bgcolour" align="center">
155 <font color="$colour">
158 print "<strong>$status_message</strong> - $message";
160 print "<strong>$status_message</strong>";
# Settings form; it posts back to this same script.
# NOTE(review): SCRIPT_NAME is placed in the action attribute without HTML
# escaping. It is normally set by the web server rather than taken from
# request parameters -- confirm that holds for this deployment.
# NOTE(review): no anti-CSRF token field is visible in this listing; any
# request-origin check would have to happen inside Header::getcgihash,
# which is not shown.
177 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
179 &Header
::openbox
('100%', 'center', $Lang::tr
{'settings'});
# Translated text describing the current SMT state, shown as table heading.
181 my $smt_status = &smt_status
();
184 <table class="tbl" width="66%">
187 <th colspan="2" align="center">
188 <strong>$smt_status</strong>
193 <td width="50%" align="left">
194 $Lang::tr{'enable smt'}
197 <td width="50%" align="center">
199 <input type="radio" name="ENABLE_SMT"
200 value="auto" $checked{'ENABLE_SMT'}{'auto'}>
201 $Lang::tr{'automatic'}
204 <input type="radio" name="ENABLE_SMT"
205 value="on" $checked{'ENABLE_SMT'}{'on'}>
206 $Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
212 <td colspan="2" align="right">
213 <input type="submit" name="ACTION" value="$Lang::tr{'save'}">
224 &Header
::closebigbox
();
226 &Header
::closepage
();
# check_status(NAME)
# Opens /sys/devices/system/cpu/vulnerabilities/NAME and classifies the
# kernel's report. The one return visible here is ("Vulnerable", full status
# text) for a mitigation that is still reported as vulnerable; the other
# return paths are not part of this listing.
# If the file cannot be opened it returns undef, which in list context is a
# one-element list, so the caller's $status and $message both end up undef.
# NOTE(review): the ($) prototype has no effect on calls written as
# &check_status(...), which is the form used by the caller in this script.
228 sub check_status
($) {
# Two-argument open on a bareword handle, with $vuln interpolated into the
# path. The only caller visible here passes keys of %VULNERABILITIES, i.e.
# fixed strings; a three-argument open with a lexical handle would remove
# the reliance on that.
231 open(FILE
, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef;
237 # Fix status when something has been mitigated, but not fully, yet
# (case-sensitive match on the lowercase word "vulnerable").
238 if ($status =~ /^(Mitigation): (.*vulnerable.*)$/) {
239 return ("Vulnerable", $status);
# Splits "Vulnerable: ..." / "Mitigation: ..." into a verdict and a detail
# text; presumably the two captures are returned -- the body of this branch
# is not visible here.
242 if ($status =~ /^(Vulnerable|Mitigation): (.*)$/) {
250 open(FILE
, "/sys/devices/system/cpu/smt/control");
256 if ($status eq "on") {
257 return $Lang::tr
{'smt enabled'};
258 } elsif (($status eq "off") || ($status eq "forceoff")) {
259 return $Lang::tr
{'smt disabled'};
260 } elsif ($status eq "notsupported") {
261 return $Lang::tr
{'smt not supported'};