Project

General

Profile

Actions
Copy link

Bug #10781

closed

Incorrect env variables if admin user logged in via ssh

Added by Viktor Gurov over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
DNS Resolver
Target version:
2.5.0
Start date:
07/21/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

How to reproduce:
1. ssh in as admin@
2. menu entries 16/11

after that running 'echo <any_command> | su -m <anyuser>' on the Diagnostics / Command Prompt page shows /etc/rc.initial menu:

pfSense - Netgate Device ID: XXX

*** Welcome to 2.4.5-RELEASE-p1 (amd64) on pf4 ***

 WAN (wan)       -> vtnet1     -> v4/DHCP4: 192.168.1.100/24
 LAN (lan)       -> vtnet0     -> v4: 192.168.2.4/24
 OPT1 (opt1)     -> vtnet2     -> v4: 172.16.3.6/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

pfSense - Netgate Device ID: XXX

*** Welcome to pfSense 2.4.5-RELEASE-p1 (amd64) on pf4 ***

 WAN (wan)       -> vtnet1     -> v4/DHCP4: 192.168.1.100/24
 LAN (lan)       -> vtnet0     -> v4: 192.168.2.4/24
 OPT1 (opt1)     -> vtnet2     -> v4: 172.16.3.6/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

kill: 2121: Operation not permitted

It seems that $SSH_TTY from admin@ ssh session is used in https://github.com/pfsense/pfsense/blob/master/src/etc/skel/dot.profile

This causes DNS Resolver restart service issue https://forum.netgate.com/topic/154721/dns-resolver-issue-since-2-4-5-p1-upgrade-from-2-4-4-p3:
The following input errors were detected:

The generated config file cannot be parsed by unbound. Please correct the following errors:
/var/unbound/test/unbound_server.pem: No such file or directory
[1592837331] unbound-checkconf[8845:0] fatal error: server-cert-file: "/var/unbound/test/unbound_server.pem" does not exist

as it uses 'su -m' command: https://github.com/pfsense/pfsense/blob/ba6398892350503d60ca324d4738dcf16f5d5c8e/src/etc/inc/unbound.inc#L629

How to resolve:
1. ssh in as root@
2. menu entries 16/11

same issue on 2.5.0.a.20200721.0050

Actions
Copy link

Also available in: Atom PDF