1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # Enable the following only while debugging; fatalsToBrowser sends Perl error text to the client.
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31
# Display names for the CPU vulnerability entries listed on this page.
# Each key is also the file name that check_status() opens below
# /sys/devices/system/cpu/vulnerabilities/, so this table doubles as the
# fixed list of sysfs entries the page ever reads.
my %VULNERABILITIES = (
    l1tf              => "$Lang::tr{'foreshadow'} (CVE-2018-3620)",
    mds               => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
    meltdown          => "$Lang::tr{'meltdown'} (CVE-2017-5754)",
    spec_store_bypass => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)",
    spectre_v1        => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)",
    spectre_v2        => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)",
);
40
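# Messages shown at the top of the page; both are only ever set to
# translated strings from %Lang::tr, never to request data.
my $errormessage = "";
my $notice = "";

my %mainsettings = ();
my %color = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

# Defaults, overridden by whatever is already stored on disk.
my %settings = (
    "ENABLE_SMT" => "auto",
);
&General::readhash("${General::swroot}/main/security", \%settings);

# Snapshot of the persisted state, taken before any request data is merged
# into %settings. Only this copy is ever written back to disk.
my %stored = %settings;

&Header::showhttpheaders();

# After this call %settings also carries the submitted form fields (ACTION
# and ENABLE_SMT are read from it below).
# NOTE(review): presumably every submitted field ends up in %settings, not
# just the two this form defines - confirm against Header::getcgihash.
# NOTE(review): no anti-CSRF token is visible in this file; confirm that
# Header::getcgihash or the web server rejects cross-site POSTs.
&Header::getcgihash(\%settings);

if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # Anchor with \A and \z: "$" would also accept a value that ends in a
    # newline, which would then be written into the settings file.
    if ($settings{'ENABLE_SMT'} !~ /\A(?:auto|on)\z/) {
        $errormessage = $Lang::tr{'invalid input'};

        # Show the value that is actually in effect, not the rejected one.
        $settings{'ENABLE_SMT'} = $stored{'ENABLE_SMT'};
    }

    unless ($errormessage) {
        # Persist the validated field only. Writing %settings itself would
        # also store whatever else the request put into that hash.
        $stored{'ENABLE_SMT'} = $settings{'ENABLE_SMT'};
        &General::writehash("${General::swroot}/main/security", \%stored);
        $notice = $Lang::tr{'please reboot to apply your changes'};
    }
}

# HTML attribute for each radio button: "checked" for the active value,
# empty for the other one.
my %checked = ();
$checked{'ENABLE_SMT'}{'auto'} = '';
$checked{'ENABLE_SMT'}{'on'} = '';
$checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";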
73
# Page frame.
Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');

Header::openbigbox("100%", "left", "", $errormessage);

# Optional message boxes. Both texts are translated strings chosen by the
# script itself, so no request data is interpolated into the markup here.
for my $box (
    [ $Lang::tr{'error messages'}, $errormessage ],
    [ $Lang::tr{'notice'},         $notice ],
) {
    my ($title, $text) = @{$box};
    next unless $text;

    Header::openbox('100%', 'left', $title);
    print "<font color='red'>$text</font>";
    Header::closebox();
}

Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});

# Header row of the status table; the rows are printed by the loop that
# follows.
print <<END;
<table class="tbl" width='100%'>
<thead>
<tr>
<th align="center">
<strong>$Lang::tr{'vulnerability'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'status'}</strong>
</th>
</tr>
</thead>
<tbody>
END
106
# Presentation for each status string returned by check_status():
# [ label, text colour, cell background ].
# "Mitigation" and "Mitigation-SMT" share the same label; only the cell
# colour and the kernel's own message tell them apart.
my %style_for = (
    "Not affected"   => [ $Lang::tr{'not affected'}, "white", ${Header::colourblack} ],
    "Vulnerable"     => [ $Lang::tr{'vulnerable'},   "white", ${Header::colourred} ],
    # Mitigated but smt is enabled
    "Mitigation-SMT" => [ $Lang::tr{'mitigated'},    "black", ${Header::colourorange} ],
    "Mitigation"     => [ $Lang::tr{'mitigated'},    "black", ${Header::colouryellow} ],
);

my $id = 0;
for my $vuln (sort keys %VULNERABILITIES) {
    my ($status, $message) = &check_status($vuln);

    # Entries the kernel does not report are left out of the table.
    next unless $status;

    # The lookup is an exact string match; any other status (including one
    # with trailing whitespace or a newline) is shown verbatim on blue.
    my $style = $style_for{$status};
    $style = [ $status, "white", ${Header::colourblue} ] unless $style;
    my ($status_message, $colour, $bgcolour) = @{$style};

    # Alternate the row background.
    my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};

    print <<END;
<tr bgcolor="$table_colour">
<td align="left">
<strong>$VULNERABILITIES{$vuln}</strong>
</td>

<td bgcolor="$bgcolour" align="center">
<font color="$colour">
END

    # $status_message and $message come from the sysfs file and are written
    # into the page without HTML escaping.
    # NOTE(review): acceptable only while check_status() reads nothing but
    # kernel-generated text - escape here if that source ever changes.
    print "<strong>$status_message</strong>";
    print ": $message" if $message;

    print <<END;
</font>
</td>
</tr>
END
}
169
# Close the status table opened above.
print <<END;
</tbody>
</table>
END

Header::closebox();

# The form posts back to this script. SCRIPT_NAME is taken from the CGI
# environment and placed in the attribute without HTML escaping.
# NOTE(review): presumably the web server sets it to this script's own
# path - confirm it cannot carry request-controlled characters.
print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";

Header::openbox('100%', 'center', $Lang::tr{'settings'});

# Current SMT state as reported by the kernel, shown above the setting.
my $smt_status = &smt_status();

# "checked" or empty, prepared earlier for each radio button.
my ($auto_attr, $on_attr) = @{ $checked{'ENABLE_SMT'} }{qw(auto on)};

# Only "auto" and "on" are offered. The page itself labels forcing SMT on
# as dangerous: several of the issues listed above are only partly
# mitigated while sibling threads share a core.
print <<END;
<table class="tbl" width="66%">
<tbody>
<tr>
<th colspan="2" align="center">
<strong>$smt_status</strong>
</th>
</tr>

<tr>
<td width="50%" align="left">
$Lang::tr{'enable smt'}
</td>

<td width="50%" align="center">
<label>
<input type="radio" name="ENABLE_SMT"
value="auto" $auto_attr>
$Lang::tr{'automatic'}
</label> /
<label>
<input type="radio" name="ENABLE_SMT"
value="on" $on_attr>
$Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
</label>
</td>
</tr>

<tr>
<td colspan="2" align="right">
<input type="submit" name="ACTION" value="$Lang::tr{'save'}">
</td>
</tr>
</tbody>
</table>
END

Header::closebox();

print "</form>\n";

Header::closebigbox();

Header::closepage();
227
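# Read the kernel's verdict for one CPU vulnerability.
#
# Argument: the entry name below /sys/devices/system/cpu/vulnerabilities/.
#
# Returns, in list context:
#   ("Vulnerable", detail)     - line starts with "Vulnerable: "
#   ("Mitigation-SMT", detail) - a mitigation whose detail text still
#                                contains "vulnerable"
#   ("Mitigation", detail)     - any other "Mitigation: " line
#   (line)                     - anything else, e.g. "Not affected"
#   ()                         - invalid name, unreadable or empty file
sub check_status($) {
    my $vuln = shift;

    # The name becomes part of a file path, so accept a plain sysfs entry
    # name only and refuse anything that could leave the directory.
    return unless defined $vuln && $vuln =~ /\A[a-z0-9_]+\z/;

    # Three-argument open with a lexical handle: the path can never be
    # parsed as an open mode and the handle is not a shared global.
    open(my $fh, '<', "/sys/devices/system/cpu/vulnerabilities/$vuln") or return;
    my $status = <$fh>;
    close($fh);

    return unless defined $status;

    # Strip the trailing newline. Without this the caller's exact
    # comparisons (such as eq "Not affected") can never match.
    chomp($status);

    if ($status =~ /^(Vulnerable): (.*)$/) {
        return ($1, $2);
    }

    # Must be tested before the generic "Mitigation" pattern below.
    if ($status =~ /^(Mitigation): (.*vulnerable.*)$/) {
        return ("Mitigation-SMT", $2);
    }

    if ($status =~ /^(Mitigation): (.*)$/) {
        return ($1, $2);
    }

    return $status;
}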
249
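# Translate the kernel's SMT control state into a display string.
#
# Reads /sys/devices/system/cpu/smt/control and maps "on", "off",
# "forceoff" and "notsupported" to their translated labels. Any other
# value is returned as read, without the trailing newline. Returns an
# empty string when the file cannot be opened or is empty.
sub smt_status() {
    # Not every kernel or CPU provides this file, so a failed open is an
    # expected case rather than an error.
    open(my $fh, '<', "/sys/devices/system/cpu/smt/control") or return '';
    my $status = <$fh>;
    close($fh);

    return '' unless defined $status;

    chomp($status);

    if ($status eq "on") {
        return $Lang::tr{'smt enabled'};
    } elsif (($status eq "off") || ($status eq "forceoff")) {
        return $Lang::tr{'smt disabled'};
    } elsif ($status eq "notsupported") {
        return $Lang::tr{'smt not supported'};
    }

    return $status;
}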