Bug #10781

Incorrect env variables if admin user logged in via ssh

Added by Viktor Gurov 2 months ago. Updated 12 days ago.

Status: Resolved
Priority: Normal
Category: DNS Resolver
Target version:
Start date: 07/21/2020
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.4.5-p1
Affected Architecture:

Description

How to reproduce:
1. ssh in as admin@
2. menu entries 16/11

After that, running 'echo <any_command> | su -m <anyuser>' on the Diagnostics / Command Prompt page shows the /etc/rc.initial menu:

pfSense - Netgate Device ID: XXX

*** Welcome to 2.4.5-RELEASE-p1 (amd64) on pf4 ***

 WAN (wan)       -> vtnet1     -> v4/DHCP4: 192.168.1.100/24
 LAN (lan)       -> vtnet0     -> v4: 192.168.2.4/24
 OPT1 (opt1)     -> vtnet2     -> v4: 172.16.3.6/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

pfSense - Netgate Device ID: XXX

*** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pf4 ***

 WAN (wan)       -> vtnet1     -> v4/DHCP4: 192.168.1.100/24
 LAN (lan)       -> vtnet0     -> v4: 192.168.2.4/24
 OPT1 (opt1)     -> vtnet2     -> v4: 172.16.3.6/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

kill: 2121: Operation not permitted

It seems that $SSH_TTY from the admin@ ssh session is used in https://github.com/pfsense/pfsense/blob/master/src/etc/skel/dot.profile

This causes a DNS Resolver restart service issue https://forum.netgate.com/topic/154721/dns-resolver-issue-since-2-4-5-p1-upgrade-from-2-4-4-p3:
The following input errors were detected:

The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound_server.pem: No such file or directory
[1592837331] unbound-checkconf[8845:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist

as it uses the 'su -m' command: https://github.com/pfsense/pfsense/blob/ba6398892350503d60ca324d4738dcf16f5d5c8e/src/etc/inc/unbound.inc#L629

How to resolve:
1. ssh in as root@
2. menu entries 16/11

Same issue on 2.5.0.a.20200721.0050
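
The environment leak described in this report, reduced to a runnable sketch (an added example, not code from pfSense or from the reporter). A constructed stand-in profile prints "MENU" and exits whenever SSH_TTY is set; `run_preserving_env` passes the caller's environment through the way `su -m` does, and `run_scrubbed` starts the child from an allowlisted environment. All function names and the profile snippet are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for a login profile that launches a console menu when
# SSH_TTY is set, then exits (hypothetical; not the pfSense dot.profile).
# After the profile logic, the requested command ("$@") would run.
PROFILE_THEN_CMD='if [ -n "${SSH_TTY}" ]; then echo "MENU"; exit 0; fi; "$@"'

# Models the `su -m` behaviour relevant here: the child shell inherits the
# caller's environment unchanged, including a stale SSH_TTY.
run_preserving_env() {
    sh -c "$PROFILE_THEN_CMD" sh "$@"
}

# Hardened variant: start from an empty environment and pass only an
# allowlist of variables, so session-specific values cannot leak in.
run_scrubbed() {
    env -i PATH="$PATH" HOME="${HOME:-/}" sh -c "$PROFILE_THEN_CMD" sh "$@"
}

# Reports which SSH session variables are present in the current environment,
# a quick check to run from a service context before spawning children.
leaked_session_vars() {
    env | grep -E '^SSH_(TTY|CONNECTION|CLIENT)=' | cut -d= -f1 | sort | tr '\n' ' '
}

# Demo in a subshell so the constructed SSH_TTY does not persist.
(
    SSH_TTY=/dev/pts/0      # constructed value standing in for an admin session
    export SSH_TTY
    echo "inherited env : $(run_preserving_env echo config-check-ok)"
    echo "scrubbed env  : $(run_scrubbed echo config-check-ok)"
    echo "leaked vars   : $(leaked_session_vars)"
)
```

With the inherited environment the command never runs and only the menu marker appears; with the scrubbed environment the command output comes back as expected.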

Associated revisions

Revision 495bfb5d (diff)
Added by Viktor Gurov 2 months ago

DNS Resolver restart fix. Issue #10781

History

#1 Updated by Viktor Gurov 2 months ago

  • Category changed from Web Interface to DNS Resolver

#3 Updated by Jim Pingle 2 months ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.5.0

#4 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#5 Updated by Max Leighton 12 days ago

  • Status changed from Feedback to Resolved

When replicating the behavior in 2.4.5_1 I was also seeing this error when making changes to the DNS Resolver:

The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/root.key: No such file or directory
[1600096422] unbound-checkconf[92233:0] fatal error: auto-trust-anchor-file: "/var/unbound/test/root.key" does not exist in chrootdir /var/unbound

Tested in:

2.5.0-DEVELOPMENT (amd64)
built on Mon Sep 14 07:02:16 EDT 2020
FreeBSD 12.2-PRERELEASE

And confirmed this is no longer an issue. Resolving the ticket.
