Project

General

Profile

Actions

Bug #15318

open

Users with Deny Config Write privilege can trigger some QinQ interface operations

Added by Steve Wheeler 10 months ago. Updated 4 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
User Manager / Privileges
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

Similar to the VLAN issue, users that cannot write config options can create QinQ interfaces at the OS level:

Mar 7 18:29:33     php-fpm     558     /index.php: Successful login for user 'test' from: 172.21.16.8 (Local Database)
Mar 7 18:30:45     php-fpm     59067     Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'test@172.21.16.8 (Local Database)'.
Mar 7 18:30:45     kernel         vlan3: changing name to 'igc2.10'
Mar 7 18:30:45     kernel         igc2: permanently promiscuous mode enabled
Mar 7 18:30:45     kernel         vlan4: changing name to 'igc2.10.25' 

Tested: 24.03.b.20240307.0536


Related issues

Related to Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operationsResolvedMarcos M

Actions
Actions #1

Updated by Steve Wheeler 10 months ago

  • Related to Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations added
Actions #2

Updated by Jim Pingle 10 months ago

  • Assignee set to Jim Pingle
Actions #3

Updated by Jim Pingle 10 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Georgiy Tyutyunnik 10 months ago

tested on
Version 24.03-BETA (amd64)
built on Fri Mar 8 4:44:00 UTC 2024
FreeBSD 15.0-CURRENT

patch seems to be in the build already, cannot reproduce.

Actions #5

Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved
Actions #6

Updated by Marcos M 15 days ago

  • Status changed from Resolved to In Progress
  • Assignee changed from Jim Pingle to Marcos M
  • % Done changed from 100 to 0
  • Plus Target Version changed from 24.03 to 25.01

This is still an issue in 24.11. A commit that went in shortly after the fix caused a regression.

Actions #7

Updated by Marcos M 15 days ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #8

Updated by Jim Pingle 12 days ago

  • Plus Target Version changed from 25.01 to 25.03
Actions #9

Updated by Jim Pingle 4 days ago

  • Category changed from Interfaces to User Manager / Privileges
Actions

Also available in: Atom PDF