Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 12:36
    ruscatalin starred MISP/MISP
  • 10:53
    scottpendlebury commented #7794
  • 10:53
    scottpendlebury commented #7794
  • 10:52
    scottpendlebury commented #7794
  • 10:52
    scottpendlebury commented #7794
  • 10:12

    iglocska on main

    MUG update added (compare)

  • 09:19
    ivanvza starred MISP/misp-warninglists
  • 06:11
    aacgood opened #377
  • 06:11
    aacgood opened #377
  • 03:17
    weiduolijia1314 starred MISP/MISP
  • Dec 03 23:58

    cvandeplas on develop

    fix: [log] remote IP header cla… (compare)

  • Dec 03 23:58

    cvandeplas on develop

    fix: [log] remote IP header cla… (compare)

  • Dec 03 19:27
    github-germ opened #8804
  • Dec 03 19:27
    github-germ labeled #8804
  • Dec 03 19:27
    github-germ labeled #8804
  • Dec 03 19:27
    github-germ opened #8804
  • Dec 03 19:06
    github-germ commented #8738
  • Dec 03 19:06
    github-germ commented #8738
  • Dec 03 18:55
    percu starred MISP/MISP
Stefano Ortolani
@ostefano
all www-data
(using the new background workers logic)
iglocska
@andras:matrix.circl.lu
[m]
zmq should not affect it
Weird
Stefano Ortolani
@ostefano
What is the controller / code that is writing attachments?
iglocska
@andras:matrix.circl.lu
[m]
No PC - but from memory
Controllers, attributecontroller
add attachment function
Most likely relying on code in model->Atrribute.php
And filetool in Lib/Tools
Stefano Ortolani
@ostefano
Regardless of the code path, I can't fathom how something running on www-data is able to do that unless there are some setuid exec somewhere
iglocska
@andras:matrix.circl.lu
[m]
Yeah it absolutely shouldn’t be able to do that so I’m just as puzzled
Stefano Ortolani
@ostefano
root       798  0.0  0.1  62732  8048 ?        S    Dec01   0:00 nginx: master process nginx -g daemon off;
www-data   799  0.0  0.1  63672  6620 ?        S    Dec01   0:07 nginx: worker process
www-data   800  0.0  0.1  63660  6776 ?        S    Dec01   0:00 nginx: worker process
www-data   801  0.0  0.0  63064  2752 ?        S    Dec01   0:00 nginx: worker process
www-data   802  0.0  0.0  63064  2752 ?        S    Dec01   0:00 nginx: worker process
www-data   803  0.0  0.0  63064  2752 ?        S    Dec01   0:00 nginx: worker process
this is nginx
Stefano Ortolani
@ostefano
Going down the rabbit hole and ended up editing FileAccessTool.php which is eventually called creating the directory
turns out that if I create another dir just after the one that is indended to be created, this other dir has correct access rights
so there must be another process that kicks in after that that messes up the permissions/ownership
Stefano Ortolani
@ostefano
It's this call
file_put_contents($file, $content, LOCK_EX | (!empty($append) ? FILE_APPEND : 0))
that changes ownership
there is something weird going on ^_^
Stefano Ortolani
@ostefano
Alright, it happens only when the dir is a bind mount apprently
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
So this is a docker@win/mac-problem?
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
Not comforting that both the linked issues are autoclosed
Stefano Ortolani
@ostefano
not comforting at all indeed
iglocska
@andras:matrix.circl.lu
[m]
Yeah the nginx user being able to use root permission is scary
Wonder if it’s abusable 😇
Stefano Ortolani
@ostefano
Actually it's even weirder
Stefano Ortolani
@ostefano
root@db2be3361fba:/var/www/MISP/app/tmp/logs# sudo -u www-data touch test
root@db2be3361fba:/var/www/MISP/app/tmp/logs# ls -las test
0 -rw-r--r-- 1 root root 0 Dec  3 15:04 test
lol
iglocska
@andras:matrix.circl.lu
[m]
Wtf!
😂😂😂
Stefano Ortolani
@ostefano
root@db2be3361fba:/var/www/MISP/app/tmp/logs# sudo -u www-data chown www-data:www-data test
root@db2be3361fba:/var/www/MISP/app/tmp/logs# ls -las test
0 -rw-r--r-- 1 www-data www-data 0 Dec  3 15:04 test
ok am I missing something here?
why the first command succeeds?
Stefano Ortolani
@ostefano
root@db2be3361fba:/var/www/MISP/app/tmp/logs# sudo -u www-data bash
www-data@db2be3361fba:~/MISP/app/tmp/logs$ touch test
www-data@db2be3361fba:~/MISP/app/tmp/logs$ ls -las test
0 -rw-r--r-- 1 www-data www-data 0 Dec  3 15:10 test
www-data@db2be3361fba:~/MISP/app/tmp/logs$ exit
exit
root@db2be3361fba:/var/www/MISP/app/tmp/logs# ls -las test
0 -rw-r--r-- 1 root root 0 Dec  3 15:10 test
lol
Anders Einar (Kagee)
@hildenae:matrix.org
[m]
It sounds like there is a lag/error in what the permissions/ownership is returned at and what docker thinks it actually is when operations is performed
Stefano Ortolani
@ostefano
I am still investigating
Stefano Ortolani
@ostefano
There was a rogue SGID that was messing up with my test case, but the problem is still there for MISP created files, but seems to be still a Docker issue though, but cant pinpoint which one..
Stefano Ortolani
@ostefano
Alright, so this happens only when creating a file (not a directory) inside a bind volume on Docker Desktop for Mac
No idea why ^_^
Carlos Lopez
@clopmz
Good morning .... I am trying to install a fresh MISP 2.4.166 instance and serveral errors are displayed when I try to execute some config/tasks from command line. For example, executing "sudo -H -u apache -g apache /var/www/MISP/app/Console/cake Admin runUpdates" returns several errors like:

Executing all updates to bring the database up to date with the current version.
Executing 62..................Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

2022-12-05 08:10:23 Notice: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]
Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

2022-12-05 08:10:23 Notice: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]
Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

2022-12-05 08:10:23 Notice: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]
Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

2022-12-05 08:10:23 Notice: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]
Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

2022-12-05 08:10:23 Notice: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]
Done
Executing 63..................Notice Error: Undefined index: REMOTE_ADDR in [/var/www/MISP/app/Model/AppModel.php, line 3916]

Another example is when I try to run sudo -H -u apache -g apache /var/www/MISP/app/Console/cake Admin updateWarningLists, returns:
75 warninglists updated, 1 fails
Fails:
List of Azure Applicaiton IDs: Could not save warninglist because of validation errors: {"type":["This field cannot be left blank"]}
Stefano Ortolani
@ostefano
Yep. normal, scroll up for a conv about this
(at least the REMOTE_ADDR errors)