
D10561.diff
No OneTemporary

D10561.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2256,6 +2256,7 @@
'PhabricatorSetupCheckPath' => 'applications/config/check/PhabricatorSetupCheckPath.php',
'PhabricatorSetupCheckPygment' => 'applications/config/check/PhabricatorSetupCheckPygment.php',
'PhabricatorSetupCheckRepositories' => 'applications/config/check/PhabricatorSetupCheckRepositories.php',
+ 'PhabricatorSetupCheckSecurity' => 'applications/config/check/PhabricatorSetupCheckSecurity.php',
'PhabricatorSetupCheckStorage' => 'applications/config/check/PhabricatorSetupCheckStorage.php',
'PhabricatorSetupCheckTimezone' => 'applications/config/check/PhabricatorSetupCheckTimezone.php',
'PhabricatorSetupIssue' => 'applications/config/issue/PhabricatorSetupIssue.php',
@@ -5240,6 +5241,7 @@
'PhabricatorSetupCheckPath' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckPygment' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckRepositories' => 'PhabricatorSetupCheck',
+ 'PhabricatorSetupCheckSecurity' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckStorage' => 'PhabricatorSetupCheck',
'PhabricatorSetupCheckTimezone' => 'PhabricatorSetupCheck',
'PhabricatorSetupIssueExample' => 'PhabricatorUIExample',
diff --git a/src/applications/config/check/PhabricatorSetupCheckSecurity.php b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
new file mode 100644
--- /dev/null
+++ b/src/applications/config/check/PhabricatorSetupCheckSecurity.php
@@ -0,0 +1,49 @@
+<?php
+
+final class PhabricatorSetupCheckSecurity extends PhabricatorSetupCheck {
+
+ protected function executeChecks() {
+
+ // This checks for a version of bash with the "Shellshock" vulnerability.
+ // For details, see T6185.
+
+ $payload = array(
+ 'SHELLSHOCK_PAYLOAD' => '() { :;} ; echo VULNERABLE',
+ );
+
+ list($err, $stdout) = id(new ExecFuture('echo shellshock-test'))
+ ->setEnv($payload, $wipe_process_env = true)
+ ->resolve();
+
+ if (!$err && preg_match('/VULNERABLE/', $stdout)) {
+ $summary = pht(
+ 'This system has an unpatched version of Bash with a severe, widely '.
+ 'disclosed vulnerability.');
+
+ $message = pht(
+ 'The version of %s on this system is out of date and contains a '.
+ 'major, widely disclosed vulnerability (the "Shellshock" '.
+ 'vulnerability).'.
+ "\n\n".
+ 'Upgrade %s to a patched version.'.
+ "\n\n".
+ 'To learn more about how this issue affects Phabricator, see %s.',
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag('tt', array(), 'bash'),
+ phutil_tag(
+ 'a',
+ array(
+ 'href' => 'https://secure.phabricator.com/T6185',
+ 'target' => '_blank',
+ ),
+ pht('T6185 "Shellshock" Bash Vulnerability')));
+
+ $this
+ ->newIssue('security.shellshock')
+ ->setName(pht('Severe Security Vulnerability: Unpatched Bash'))
+ ->setSummary($summary)
+ ->setMessage($message);
+ }
+
+ }
+}
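Review bot: The probe built with `new ExecFuture('echo shellshock-test')` only exercises whichever shell ExecFuture hands the command string to, and nothing in `executeChecks()` pins that to bash, so on a host where that shell is something else an unpatched bash installed elsewhere would pass silently. The `!$err &&` guard has a similar effect when the probe itself fails to run: a non-zero exit is treated as "not vulnerable" rather than "inconclusive". I would document both limits above `$payload`, for example `// NOTE: This only tests the shell ExecFuture invokes, using the trailing-command payload below; a clean result is not proof that bash is patched.`, and consider raising a lower-severity issue when `$err` is set. How ExecFuture spawns commands is outside this diff, so the first point should be confirmed against that class.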
