Opened 2 years ago

Closed 2 years ago

#3103 closed Task (fixed)

SecurityInfo Problems

Reported by: eduardojru
Owned by:
Priority: normal
Milestone: 1.12.x - Piwik 1.12.x
Component: Core
Keywords:
Cc:
Sensitive: no

Description

Hi!

I am trying to make my piwik installation as secure as possible using the Security plugin. I did research in the FAQ and other places and didn't find a solution! In my (windows) localhost I have no problems, but in my real server, I got several (8 in total)! One of them is:

Notice: Undefined offset:1 in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 538

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:538]
#1 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]
#2 PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:118]
#3 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]
#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]
#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]
#6 Piwik_SecurityInfo_Controller->index(...) called at [:]
#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]
#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

The other 7 are variations of the above, with 1 substituted by 2, and 118 by 278. Any help would be very much appreciated!

Eduardo

Change History (7)

comment:1 follow-up: Changed 2 years ago by vipsoft (robocoder)

  • Keywords SecurityInfo Security plugin removed
  • Milestone set to 1.7.x - Piwik 1.7.2

What's the output of this script on your real host?

<?php  var_dump(exec('id'));

comment:2 in reply to: ↑ 1 Changed 2 years ago by eduardojru

Replying to vipsoft:

What's the output of this script on your real host?

<?php  var_dump(exec('id'));

Hello vipsoft!!!

The output of the script in my real server is:

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)" 

comment:3 follow-up: Changed 2 years ago by vipsoft (robocoder)

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback
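
The case this comment names, an `id` entry that is a bare number with no `(name)` (the `15020` in the output posted above), as an added PHP example. It is not the code from changeset [6205]; `parseIdOutput()` is a hypothetical helper name.

```php
<?php
// Added illustration; not the code from changeset [6205].
// parseIdOutput() is a hypothetical helper name.

/**
 * Parse a line of `id` output into uid, gid and supplementary groups.
 * Returns null when uid or gid cannot be found, so a caller can treat the
 * check as "not testable" rather than read a missing array offset.
 */
function parseIdOutput(string $line): ?array
{
    $result = ['uid' => null, 'gid' => null, 'groups' => []];

    // An entry is "number" or "number(name)"; a field is key=entry[,entry...].
    $entry = '\d+(?:\([^)]*\))?';
    $fieldRe = '/\b(uid|gid|groups)=(' . $entry . '(?:,' . $entry . ')*)/';
    if (!preg_match_all($fieldRe, $line, $fields, PREG_SET_ORDER)) {
        return null;
    }

    foreach ($fields as $field) {
        preg_match_all('/(\d+)(?:\(([^)]*)\))?/', $field[2], $entries, PREG_SET_ORDER);
        $parsed = [];
        foreach ($entries as $e) {
            // The name group is absent or empty for a bare number such as "15020".
            $name = (isset($e[2]) && $e[2] !== '') ? $e[2] : null;
            $parsed[] = ['id' => (int) $e[1], 'name' => $name];
        }
        if ($field[1] === 'groups') {
            $result['groups'] = $parsed;
        } else {
            $result[$field[1]] = $parsed[0];
        }
    }

    return ($result['uid'] !== null && $result['gid'] !== null) ? $result : null;
}

// Sample input: the `id` output posted in this ticket.
$sample = 'uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)';
$ids = parseIdOutput($sample);
foreach ($ids['groups'] as $g) {
    printf("group %d name=%s\n", $g['id'], $g['name'] ?? '(none)');
}
// Constructed failure case: exec() returned something that is not `id` output.
var_dump(parseIdOutput('id: command not found'));
```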

comment:4 in reply to: ↑ 3 Changed 2 years ago by eduardojru

Replying to vipsoft:

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback

Hi vipsoft!

Here are the outputs:

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]
#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]
#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]
#3 PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]
#4 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]
#5 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]
#6 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]
#7 Piwik_SecurityInfo_Controller->index(...) called at [:]
#8 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]
#9 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]
#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]
#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:48]
#3 PhpSecInfo_Test_Core_Uid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]
#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]
#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]
#6 Piwik_SecurityInfo_Controller->index(...) called at [:]
#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]
#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]
#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]
#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:57]
#3 PhpSecInfo_Test_Core_Gid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]
#4 PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]
#5 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]
#6 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]
#7 Piwik_SecurityInfo_Controller->index(...) called at [:]
#8 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]
#9 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
#0 Piwik_ErrorHandler(...) called at [:]
#1 explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]
#2 PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:49]
#3 PhpSecInfo_Test_Core_Gid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]
#4 PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]
#5 PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]
#6 Piwik_SecurityInfo_Controller->index(...) called at [:]
#7 call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]
#8 Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

And the output of

var_dump(exec('id'));

is

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)" 

Thanks so much for your concern and time!!!

Eduardo

comment:5 Changed 2 years ago by vipsoft (robocoder)

It doesn't look like the patch applied cleanly because your line numbers don't jive with our copy. Please replace Test.php with this file from svn.

http://dev.piwik.org/trac/export/6205/trunk/plugins/SecurityInfo/PhpSecInfo/Test/Test.php

comment:6 Changed 2 years ago by eduardojru

Hi vipsoft!!!

Thanks so much!!!

All those messages are gone forever!!!

Have a nice one!!!

Eduardo

comment:7 Changed 2 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed