mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

MDL-58109 reports: Add security check for preventexecpath

Browse Source
This commit is contained in:
Brendan Heywood 2017-03-01 15:15:17 +11:00
parent 0f59b6dd75
commit f2b7572a54
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
report/security/lang/en/report_security.php
View File

@ -89,6 +89,11 @@ Do not make the requirements too strict though, as this can result in users not
$string['check_passwordpolicy_error'] = 'Password policy not set.';
$string['check_passwordpolicy_name'] = 'Password policy';
$string['check_passwordpolicy_ok'] = 'Password policy enabled.';
$string['check_preventexecpath_name'] = 'Executable paths';
$string['check_preventexecpath_ok'] = 'Executable paths only settable in config.php.';
$string['check_preventexecpath_warning'] = 'Executable paths can be set in the Admin GUI.';
$string['check_preventexecpath_details'] = '<p>Allowing executable paths to be set via the Admin GUI is a vector for privilege escalation.</p>';
$string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>{$a}';
$string['check_riskadmin_detailswarning'] = '<p>Please verify the following list of system administrators:</p>{$a->admins}
<p>It is recommended to assign administrator role in the system context only. The following users have (unsupported) admin role assignments in other contexts:</p>{$a->unsupported}';

33
report/security/locallib.php
View File

@ -57,6 +57,7 @@ function report_security_get_issue_list() {
'report_security_check_guestrole',
'report_security_check_frontpagerole',
'report_security_check_webcron',
'report_security_check_preventexecpath',
);
}
@ -866,4 +867,34 @@ function report_security_check_webcron($detailed = false) {
}
return $result;
}
}
/**
* Verifies the status of preventexecpath
*
* @param bool $detailed
* @return object result
*/
function report_security_check_preventexecpath($detailed = false) {
global $CFG;
$result = new stdClass();
$result->issue = 'report_security_check_preventexecpath';
$result->name = get_string('check_preventexecpath_name', 'report_security');
$result->details = null;
$result->link = null;
if (empty($CFG->preventexecpath)) {
$result->status = REPORT_SECURITY_WARNING;
$result->info = get_string('check_preventexecpath_warning', 'report_security');
if ($detailed) {
$result->details = get_string('check_preventexecpath_details', 'report_security');
}
} else {
$result->status = REPORT_SECURITY_OK;
$result->info = get_string('check_preventexecpath_ok', 'report_security');
}
return $result;
}