Project

General

Profile

Actions
Copy link

Bug #15318

closed

Users with Deny Config Write privilege can trigger some QinQ interface operations

Added by Steve Wheeler 9 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Interfaces
Target version:
2.8.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

Similar to the VLAN issue, users that cannot write config options can create QinQ interfaces at the OS level:

Mar 7 18:29:33     php-fpm     558     /index.php: Successful login for user 'test' from: 172.21.16.8 (Local Database)
Mar 7 18:30:45     php-fpm     59067     Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'test@172.21.16.8 (Local Database)'.
Mar 7 18:30:45     kernel         vlan3: changing name to 'igc2.10'
Mar 7 18:30:45     kernel         igc2: permanently promiscuous mode enabled
Mar 7 18:30:45     kernel         vlan4: changing name to 'igc2.10.25'

Tested: 24.03.b.20240307.0536

Related issues

Related to Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operationsResolvedJim Pingle

Actions
Actions
Copy link

Also available in: Atom PDF