Actions
Bug #15318
closed
Users with Deny Config Write privilege can trigger some QinQ interface operations
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All
Description
Similar to the VLAN issue, users that cannot write config options can create QinQ interfaces at the OS level:
Mar 7 18:29:33 php-fpm 558 /index.php: Successful login for user 'test' from: 172.21.16.8 (Local Database) Mar 7 18:30:45 php-fpm 59067 Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'test@172.21.16.8 (Local Database)'. Mar 7 18:30:45 kernel vlan3: changing name to 'igc2.10' Mar 7 18:30:45 kernel igc2: permanently promiscuous mode enabled Mar 7 18:30:45 kernel vlan4: changing name to 'igc2.10.25'
Tested: 24.03.b.20240307.0536
Related issues
Updated by Steve Wheeler 9 months ago
- Related to Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations added
Updated by Jim Pingle 9 months ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 68ed289190a383795194d3499728a0f6023f8a52.
Updated by Georgiy Tyutyunnik 9 months ago
tested on
Version 24.03-BETA (amd64)
built on Fri Mar 8 4:44:00 UTC 2024
FreeBSD 15.0-CURRENT
patch seems to be in the build already, cannot reproduce.
Actions