Include new Fatal Error Recovery Mode

#1

Something useful from WP 5.2 that could be incorporated in ClassicPress:

Have been working on a plugin conflict tester which could integrate this and would like it to support ClassicPress, but if I start integrating some of the new recovery features would like to make them CP compatible at the same time… so for that to happen the new recovery features would need to be merged into CP.

On a similar note there is also the Site Health check info:

1 Like
#2

I think there was a discussion on Slack regarding this. I will see if I can find it and move it here.

#3

Found it in the #security channel

#4

Yeah perhaps including the Site Health check tests and info is premature at this stage, seems from those notes it is still getting some improvements.

The recovery mode however is another story, this is something WordPress has needed for a long time, and maybe something that ClassicPress could adopt fairly easily.

2 Likes
#5

The recovery mode has even more problems; never say never, but I’m not convinced it’ll be fit to include any time soon.

3 Likes
#6

@invisnet, I agree that the WSOD is mostly useless, but do you have any example of it being actually harmful?

#7

Mainly it’s just not fully thought through and still half - baked. One example is the email it sends - nothing in it to prevent phishing (slavco covered that on slack - don’t see him on here).

1 Like
#8

Slavco (Mihajloski) wrote about the security issue of this feature here. I think it has been patched, but, that’s just a guess. This feature is a nice gesture, but, as @invisnet noted, it just wasn’t completely thought out.

1 Like
#9

So, reading that article, an unpatched outdated version of WooCommerce with an already compromised Shop Manager user login, combined with the new recovery feature, then allows another user to have privilege escalated to admin? It really does seem a bit of a rare stretch, and don’t see how it is a PoC of anything.

I mean, I haven’t had the chance to delve into the actual recovery code, but from a casual read of what it does, doesn’t it send an email to an admin, that then only disables a plugin for that admin user when logged in with recovery mode on? How would that allow another user to escalate anything by triggering a fatal error? They still wouldn’t have admin access, thus no recovery mode access, thus no plugin would be disabled for them to get around meta cap filters. Am I missing something here?

Anyhow, I feel this is going a bit off topic. It’s guess it’s fine if it points to an improvement in the current recovery process - ie. how could it be done better in ClassicPress…? As I said I have been working on my own conflict / error recovery plugin, so actually a bit more interested that question than the current WP implementation, but there is certainly some overlap. Thoughts?

3 Likes
#10

Not completely sure but on second thought this security PoC post may have been regarding the initial recovery mode behaviour which did not send an email nor then set a user cookie for recovery, which may have led to it being improved… :-?