Actions
Bug #15318
openUsers with Deny Config Write privilege can trigger some QinQ interface operations
Status:
Feedback
Priority:
Normal
Assignee:
Category:
User Manager / Privileges
Target version:
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All
Description
Similar to the VLAN issue, users that cannot write config options can create QinQ interfaces at the OS level:
Mar 7 18:29:33 php-fpm 558 /index.php: Successful login for user 'test' from: 172.21.16.8 (Local Database) Mar 7 18:30:45 php-fpm 59067 Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'test@172.21.16.8 (Local Database)'. Mar 7 18:30:45 kernel vlan3: changing name to 'igc2.10' Mar 7 18:30:45 kernel igc2: permanently promiscuous mode enabled Mar 7 18:30:45 kernel vlan4: changing name to 'igc2.10.25'
Tested: 24.03.b.20240307.0536
Related issues
Updated by Steve Wheeler 10 months ago
- Related to Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations added
Updated by Jim Pingle 10 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 68ed289190a383795194d3499728a0f6023f8a52.
Updated by Georgiy Tyutyunnik 10 months ago
tested on
Version 24.03-BETA (amd64)
built on Fri Mar 8 4:44:00 UTC 2024
FreeBSD 15.0-CURRENT
patch seems to be in the build already, cannot reproduce.
Updated by Marcos M 15 days ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset a4d40f3e5852a3b8cd9ae19460cfe0d8429d32ea.
Updated by Jim Pingle 12 days ago
- Plus Target Version changed from 25.01 to 25.03
Updated by Jim Pingle 4 days ago
- Category changed from Interfaces to User Manager / Privileges
Actions