SecurityInfo Problems #3103

Task 1.12.x
@anonymous-matomo-user opened this Issue on April 12th 2012

Hi!

I am trying to make my piwik installation as secure as possible using the Security plugin. I did research in the FAQ and other places and didn't find a solution! In my (windows) localhost I have no problems, but in my real server, I got several (8 in total)! One of them is:

Notice: Undefined offset:1 in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 538

Backtrace -->
<a href='/0'>#0</a> Piwik_ErrorHandler(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:538]<a href='/1'>#1</a> PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]<a href='/2'>#2</a> PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:118]<a href='/3'>#3</a> PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]<a href='/4'>#4</a> PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]<a href='/5'>#5</a> PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]<a href='/6'>#6</a> Piwik_SecurityInfo_Controller->index(...) called at [:]<a href='/7'>#7</a> call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]<a href='/8'>#8</a> Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

The other 7 are variations of the above, with 1 substitued by 2, and 118 by 278. Any help would be very much appreciated!

Eduardo

@robocoder commented on April 12th 2012 Contributor

What's the output of this script on your real host?

<?php  var_dump(exec('id'));
@anonymous-matomo-user commented on April 12th 2012

Replying to vipsoft:

What's the output of this script on your real host?

<?php  var_dump(exec('id'));

Hello vipsoft!!!

The output of the script in my real server is:

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)"
@robocoder commented on April 12th 2012 Contributor

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback

@anonymous-matomo-user commented on April 13th 2012

Replying to vipsoft:

(In [6205]) refs #3103 - handle gid without group name; please test patch and provide feedback

Hi vipsoft!

Hier are the outputs:

Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
<a href='/0'>#0</a> Piwik_ErrorHandler(...) called at [:]<a href='/1'>#1</a> explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]<a href='/2'>#2</a> PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:57]<a href='/3'>#3</a> PhpSecInfo_Test_Core_Uid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]<a href='/4'>#4</a> PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]<a href='/5'>#5</a> PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]<a href='/6'>#6</a> PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]<a href='/7'>#7</a> Piwik_SecurityInfo_Controller->index(...) called at [:]<a href='/8'>#8</a> call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]<a href='/9'>#9</a> Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
<a href='/0'>#0</a> Piwik_ErrorHandler(...) called at [:]<a href='/1'>#1</a> explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]<a href='/2'>#2</a> PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/uid.php:48]<a href='/3'>#3</a> PhpSecInfo_Test_Core_Uid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]<a href='/4'>#4</a> PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]<a href='/5'>#5</a> PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]<a href='/6'>#6</a> Piwik_SecurityInfo_Controller->index(...) called at [:]<a href='/7'>#7</a> call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]<a href='/8'>#8</a> Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
<a href='/0'>#0</a> Piwik_ErrorHandler(...) called at [:]<a href='/1'>#1</a> explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]<a href='/2'>#2</a> PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:57]<a href='/3'>#3</a> PhpSecInfo_Test_Core_Gid->_retrieveCurrentValue(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:119]<a href='/4'>#4</a> PhpSecInfo_Test->PhpSecInfo_Test(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:276]<a href='/5'>#5</a> PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]<a href='/6'>#6</a> PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]<a href='/7'>#7</a> Piwik_SecurityInfo_Controller->index(...) called at [:]<a href='/8'>#8</a> call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]<a href='/9'>#9</a> Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]
Notice: Array to string conversion in /hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php on line 537

Backtrace -->
<a href='/0'>#0</a> Piwik_ErrorHandler(...) called at [:]<a href='/1'>#1</a> explode(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Test.php:537]<a href='/2'>#2</a> PhpSecInfo_Test->getUnixId(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/Test/Core/gid.php:49]<a href='/3'>#3</a> PhpSecInfo_Test_Core_Gid->isTestable(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:278]<a href='/4'>#4</a> PhpSecInfo->runTests(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/PhpSecInfo/PhpSecInfo.php:476]<a href='/5'>#5</a> PhpSecInfo->loadAndRun(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/plugins/SecurityInfo/Controller.php:28]<a href='/6'>#6</a> Piwik_SecurityInfo_Controller->index(...) called at [:]<a href='/7'>#7</a> call_user_func_array(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/core/FrontController.php:138]<a href='/8'>#8</a> Piwik_FrontController->dispatch(...) called at [/hermes/bosweb/web197/b1970/ipg.var4castcom/piwik/index.php:53]

And the output of

var_dump(exec('id'));

is

string(75) "uid=2705636(ipg.var4castcom) gid=15010(cgiuser) groups=15020,15010(cgiuser)"

Thanks so much for your concern and time!!!

Eduardo

@robocoder commented on April 13th 2012 Contributor

It doesn't look like the patch applied cleanly because your line numbers don't jive with our copy. Please replace Test.php with this file from svn.

https://github.com/piwik/piwik/blob/master/6205/trunk/plugins/SecurityInfo/PhpSecInfo/Test/Test.php

@anonymous-matomo-user commented on April 13th 2012

Hi vipsoft!!!

Thanks so much!!!

All those messages are gone forever!!!

Have nice one!!!

Eduardo

This Issue was closed on April 13th 2012
Home | Back
Powered by GitHub Issue Mirror
Privacy Policy