]> git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/vulnerabilities.cgi
projects / ipfire-2.x.git / blob
? search:


76eb79f8220a67bc2f7136921ccca843154715df
[ipfire-2.x.git] / html / cgi-bin / vulnerabilities.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # enable only the following on debugging purpose
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31
32 my %VULNERABILITIES = (
33 "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)",
34 "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
35 "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
36 "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
37 "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
38 "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
39 );
40
41 my $errormessage = "";
42 my $notice = "";
43
44 my %mainsettings = ();
45 my %color = ();
46 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
47 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
48
49 my %settings = (
50 "ENABLE_SMT" => "auto",
51 );
52 &General::readhash("${General::swroot}/main/security", \%settings);
53
54 &Header::showhttpheaders();
55
56 &Header::getcgihash(\%settings);
57
58 if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
59 if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) {
60 $errormessage = $Lang::tr{'invalid input'};
61 }
62
63 unless ($errormessage) {
64 &General::writehash("${General::swroot}/main/security", \%settings);
65 $notice = $Lang::tr{'please reboot to apply your changes'};
66 }
67 }
68
69 my %checked = ();
70 $checked{'ENABLE_SMT'}{'auto'} = '';
71 $checked{'ENABLE_SMT'}{'on'} = '';
72 $checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";
73
74 &Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');
75
76 &Header::openbigbox("100%", "left", "", $errormessage);
77
78 if ($errormessage) {
79 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
80 print "<font color='red'>$errormessage</font>";
81 &Header::closebox();
82 }
83
84 if ($notice) {
85 &Header::openbox('100%', 'left', $Lang::tr{'notice'});
86 print "<font color='red'>$notice</font>";
87 &Header::closebox();
88 }
89
90 &Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});
91
92 print <<END;
93 <table class="tbl" width='100%'>
94 <thead>
95 <tr>
96 <th align="center">
97 <strong>$Lang::tr{'vulnerability'}</strong>
98 </th>
99 <th align="center">
100 <strong>$Lang::tr{'status'}</strong>
101 </th>
102 </tr>
103 </thead>
104 <tbody>
105 END
106
107 my $id = 0;
108 for my $vuln (sort keys %VULNERABILITIES) {
109 my ($status, $message) = &check_status($vuln);
110 next if (!$status);
111
112 my $colour = "";
113 my $bgcolour = "";
114 my $status_message = "";
115
116 # Not affected
117 if ($status eq "Not affected") {
118 $status_message = $Lang::tr{'not affected'};
119 $colour = "white";
120 $bgcolour = ${Header::colourblack};
121
122 # Vulnerable
123 } elsif ($status eq "Vulnerable") {
124 $status_message = $Lang::tr{'vulnerable'};
125 $colour = "white";
126 $bgcolour = ${Header::colourred};
127
128 # Mitigated but smt is enabled
129 } elsif ($status eq "Mitigation-SMT") {
130 $status_message = $Lang::tr{'mitigated'};
131 $colour = "white";
132 $bgcolour = ${Header::colourred};
133
134 # Mitigated
135 } elsif ($status eq "Mitigation") {
136 $status_message = $Lang::tr{'mitigated'};
137 $colour = "white";
138 $bgcolour = ${Header::colourgreen};
139
140 # Unknown report from kernel
141 } else {
142 $status_message = $status;
143 $colour = "black";
144 $bgcolour = ${Header::colouryellow};
145 }
146
147 my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
148
149 print <<END;
150 <tr bgcolor="$table_colour">
151 <td align="left">
152 <strong>$VULNERABILITIES{$vuln}</strong>
153 </td>
154
155 <td bgcolor="$bgcolour" align="center">
156 <font color="$colour">
157 END
158 if ($message) {
159 print "<strong>$status_message</strong>: $message";
160 } else {
161 print "<strong>$status_message</strong>";
162 }
163
164 print <<END;
165 </font>
166 </td>
167 </tr>
168 END
169 }
170
171 print <<END;
172 </tbody>
173 </table>
174 END
175
176 &Header::closebox();
177
178 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
179
180 &Header::openbox('100%', 'center', $Lang::tr{'settings'});
181
182 my $smt_status = &smt_status();
183
184 print <<END;
185 <table class="tbl" width="66%">
186 <tbody>
187 <tr>
188 <th colspan="2" align="center">
189 <strong>$smt_status</strong>
190 </th>
191 </tr>
192
193 <tr>
194 <td width="50%" align="left">
195 $Lang::tr{'enable smt'}
196 </td>
197
198 <td width="50%" align="center">
199 <label>
200 <input type="radio" name="ENABLE_SMT"
201 value="auto" $checked{'ENABLE_SMT'}{'auto'}>
202 $Lang::tr{'automatic'}
203 </label> /
204 <label>
205 <input type="radio" name="ENABLE_SMT"
206 value="on" $checked{'ENABLE_SMT'}{'on'}>
207 $Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
208 </label>
209 </td>
210 </tr>
211
212 <tr>
213 <td colspan="2" align="right">
214 <input type="submit" name="ACTION" value="$Lang::tr{'save'}">
215 </td>
216 </tr>
217 </tbody>
218 </table>
219 END
220
221 &Header::closebox();
222
223 print "</form>\n";
224
225 &Header::closebigbox();
226
227 &Header::closepage();
228
229 sub check_status($) {
230 my $vuln = shift;
231
232 open(FILE, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef;
233 my $status = <FILE>;
234 close(FILE);
235
236 if ($status =~ /^(Vulnerable): (.*)$/) {
237 return ($1, $2);
238 }
239
240 if ($status =~ /^(Mitigation): (.*vulnerable.*)$/) {
241 return ("Mitigation-SMT", $2);
242 }
243
244 if ($status =~ /^(Mitigation): (.*)$/) {
245 return ($1, $2);
246 }
247
248 return $status;
249 }
250
251 sub smt_status() {
252 open(FILE, "/sys/devices/system/cpu/smt/control");
253 my $status = <FILE>;
254 close(FILE);
255
256 chomp($status);
257
258 if ($status eq "on") {
259 return $Lang::tr{'smt enabled'};
260 } elsif (($status eq "off") || ($status eq "forceoff")) {
261 return $Lang::tr{'smt disabled'};
262 } elsif ($status eq "notsupported") {
263 return $Lang::tr{'smt not supported'};
264 }
265
266 return $status;
267 }
IPFire 2.x development tree