Wir nutzen Cookies, um Ihnen eine optimale Nutzung dieser Webseite zu ermöglichen. Mehr Informationen finden Sie im Datenschutzhinweis. Wir nehmen an, dass Sie damit einverstanden sind, falls Sie diese Webseite weiter besuchen.

Ihre Cookie-Einstellungen
Ihre Einstellungen wurden aktualisiert.
Damit die Änderungen wirksam werden, löschen Sie bitte Ihre Browser-Cookies und den Cache und laden dann die Seite neu.

Werk #6710: Limit crash reporting functionality to permitted users

KomponenteGUI
TitelLimit crash reporting functionality to permitted users
Datum2018-09-23 20:38:59
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version1.4.0p37,1.6.0b1,1.5.0p5
LevelTrivial Change
KlasseSecurity Fix
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

The crash reporting functionality of the GUI, which shows a lot of detailed information about the internal state of the GUI, has been limited to be shown only to permitted users.

The crash report could be used by attackers to get internal information about the application state and secrets processed by the GUI.

All not permitted users will now only see a short message about the occurred crash. Some more information is written to var/log/web.log.

Only authenticated administrative users are allowed to see and submit crash reports by default.

If you like to give all your users the right to see and send crash reports give them the permission "See crash reports"

A problem with this change may be that some crashes occur only in very specific situations, for example for specific users. In such a case it may be hard to get detailed information about the situation when the crash reporting is not available. We plan to add an improved crash reporting in future versions to make all occurred crashes available to the Check_MK administrator for later debugging.

CMK-1037