]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/vulnerabilities.cgi
projects / people / pmueller / ipfire-2.x.git / blob
? search:


74d22201705fcb0c209058affdb8d02ef8324842
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / vulnerabilities.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # enable only the following on debugging purpose
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31
32 my %VULNERABILITIES = (
33 "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)",
34 "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
35 "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
36 "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
37 "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
38 "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
39 );
40
41 my $errormessage = "";
42 my $notice = "";
43
44 my %mainsettings = ();
45 my %color = ();
46 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
47 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
48
49 my %settings = (
50 "ENABLE_SMT" => "auto",
51 );
52 &General::readhash("${General::swroot}/main/security", \%settings);
53
54 &Header::showhttpheaders();
55
56 &Header::getcgihash(\%settings);
57
58 if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
59 if ($settings{'ENABLE_SMT'} !~ /^(auto|on)$/) {
60 $errormessage = $Lang::tr{'invalid input'};
61 }
62
63 unless ($errormessage) {
64 &General::writehash("${General::swroot}/main/security", \%settings);
65 $notice = $Lang::tr{'please reboot to apply your changes'};
66 }
67 }
68
69 my %checked = ();
70 $checked{'ENABLE_SMT'}{'auto'} = '';
71 $checked{'ENABLE_SMT'}{'on'} = '';
72 $checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";
73
74 &Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');
75
76 &Header::openbigbox("100%", "left", "", $errormessage);
77
78 if ($errormessage) {
79 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
80 print "<font color='red'>$errormessage</font>";
81 &Header::closebox();
82 }
83
84 if ($notice) {
85 &Header::openbox('100%', 'left', $Lang::tr{'notice'});
86 print "<font color='red'>$notice</font>";
87 &Header::closebox();
88 }
89
90 &Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});
91
92 print <<END;
93 <table class="tbl" width='100%'>
94 <thead>
95 <tr>
96 <th align="center">
97 <strong>$Lang::tr{'vulnerability'}</strong>
98 </th>
99 <th align="center">
100 <strong>$Lang::tr{'status'}</strong>
101 </th>
102 </tr>
103 </thead>
104 <tbody>
105 END
106
107 my $id = 0;
108 for my $vuln (sort keys %VULNERABILITIES) {
109 my ($status, $message) = &check_status($vuln);
110 next if (!$status);
111
112 my $colour = "";
113 my $bgcolour = "";
114 my $status_message = "";
115
116 # Not affected
117 if ($status eq "Not affected") {
118 $status_message = $Lang::tr{'not affected'};
119 $colour = "white";
120 $bgcolour = ${Header::colourblack};
121
122 # Vulnerable
123 } elsif ($status eq "Vulnerable") {
124 $status_message = $Lang::tr{'vulnerable'};
125 $colour = "white";
126 $bgcolour = ${Header::colourred};
127
128 # Mitigated
129 } elsif ($status eq "Mitigation") {
130 $status_message = $Lang::tr{'mitigated'};
131 $colour = "white";
132 $bgcolour = ${Header::colourgreen};
133
134 # Unknown report from kernel
135 } else {
136 $status_message = $status;
137 $colour = "black";
138 $bgcolour = ${Header::colouryellow};
139 }
140
141 my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};
142
143 print <<END;
144 <tr bgcolor="$table_colour">
145 <td align="left">
146 <strong>$VULNERABILITIES{$vuln}</strong>
147 </td>
148
149 <td bgcolor="$bgcolour" align="center">
150 <font color="$colour">
151 END
152 if ($message) {
153 print "<strong>$status_message</strong>: $message";
154 } else {
155 print "<strong>$status_message</strong>";
156 }
157
158 print <<END;
159 </font>
160 </td>
161 </tr>
162 END
163 }
164
165 print <<END;
166 </tbody>
167 </table>
168 END
169
170 &Header::closebox();
171
172 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
173
174 &Header::openbox('100%', 'center', $Lang::tr{'settings'});
175
176 my $smt_status = &smt_status();
177
178 print <<END;
179 <table class="tbl" width="66%">
180 <tbody>
181 <tr>
182 <th colspan="2" align="center">
183 <strong>$smt_status</strong>
184 </th>
185 </tr>
186
187 <tr>
188 <td width="50%" align="left">
189 $Lang::tr{'enable smt'}
190 </td>
191
192 <td width="50%" align="center">
193 <label>
194 <input type="radio" name="ENABLE_SMT"
195 value="auto" $checked{'ENABLE_SMT'}{'auto'}>
196 $Lang::tr{'automatic'}
197 </label> /
198 <label>
199 <input type="radio" name="ENABLE_SMT"
200 value="on" $checked{'ENABLE_SMT'}{'on'}>
201 $Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
202 </label>
203 </td>
204 </tr>
205
206 <tr>
207 <td colspan="2" align="right">
208 <input type="submit" name="ACTION" value="$Lang::tr{'save'}">
209 </td>
210 </tr>
211 </tbody>
212 </table>
213 END
214
215 &Header::closebox();
216
217 print "</form>\n";
218
219 &Header::closebigbox();
220
221 &Header::closepage();
222
223 sub check_status($) {
224 my $vuln = shift;
225
226 open(FILE, "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef;
227 my $status = <FILE>;
228 close(FILE);
229
230 # Fix status when something has been mitigated, but not fully, yet
231 if ($status =~ /^(Mitigation): (.*vulnerable.*)$/) {
232 return ("Vulnerable", $2);
233 }
234
235 if ($status =~ /^(Vulnerable|Mitigation): (.*)$/) {
236 return ($1, $2);
237 }
238
239 return $status;
240 }
241
242 sub smt_status() {
243 open(FILE, "/sys/devices/system/cpu/smt/control");
244 my $status = <FILE>;
245 close(FILE);
246
247 chomp($status);
248
249 if ($status eq "on") {
250 return $Lang::tr{'smt enabled'};
251 } elsif (($status eq "off") || ($status eq "forceoff")) {
252 return $Lang::tr{'smt disabled'};
253 } elsif ($status eq "notsupported") {
254 return $Lang::tr{'smt not supported'};
255 }
256
257 return $status;
258 }
Peter's tree of IPFire 2.x