Bug #15874

open

Users with deny config write privilege can trigger logging operations

Added by Steve Wheeler 7 days ago.

Status: New
Priority: Normal
Assignee: -
Category: Web Interface
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 25.01
Release Notes: Default
Affected Version:
Affected Architecture:

Description

A user with the deny_config_write privilege set and access to the log settings page can still trigger the syslog daemon to restart, and it fails to do so:

Nov 26 23:32:06     php-fpm     69047     Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'Test@172.21.16.8 (Local Database)'.
Nov 26 23:32:06     sshguard     41111     Exiting on signal.
Nov 26 23:32:06     syslogd         exiting on signal 15 

Nothing further is logged until the log settings page is resaved by a privileged user. The service cannot be restarted until then.

Nov 26 23:45:23     syslogd         kernel boot file is /boot/kernel/kernel
Nov 26 23:45:23     sshguard     27010     Now monitoring attacks.
Nov 26 23:45:23     nginx         2024/11/26 23:45:23 [error] 68831#116459: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/log 

Tested 24.11.

See: https://forum.netgate.com/topic/195331/potential-bug-read-only-user-able-to-crash-syslogd-service
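
One way to spot this sequence in exported system logs, as an added example that is not part of the original report and not pfSense code. It assumes the column layout of the log lines quoted above; the function names, the assumed year, and the 5-second correlation window are hypothetical choices.

```python
import re
from datetime import datetime, timedelta

# Sample input: the log lines quoted in the report (nginx line omitted), in the
# GUI log-view column layout: time, process, optional PID, message.
SAMPLE = """\
Nov 26 23:32:06     php-fpm     69047     Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'Test@172.21.16.8 (Local Database)'.
Nov 26 23:32:06     sshguard     41111     Exiting on signal.
Nov 26 23:32:06     syslogd         exiting on signal 15
Nov 26 23:45:23     syslogd         kernel boot file is /boot/kernel/kernel
Nov 26 23:45:23     sshguard     27010     Now monitoring attacks.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8})\s{2,}(\S+)\s{2,}(?:(\d+)\s{2,})?(.*)$")
DENIED = re.compile(r"Save config permission denied by the '.*' permission for user '(.+)'\.?$")

def parse(text, year=2024):
    """Yield (timestamp, process, message); the year is assumed, the log omits it."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(4)

def find_denied_then_syslogd_exit(text, window=timedelta(seconds=5)):
    """Flag a denied config save followed within `window` by a syslogd exit.
    gap_seconds is the logging outage; None means syslogd never logged again."""
    findings, denied, pending = [], None, None
    for ts, proc, msg in parse(text):
        m = DENIED.search(msg) if proc == "php-fpm" else None
        if m:
            denied = (ts, m.group(1))
        elif proc == "syslogd" and msg.startswith("exiting on signal"):
            if denied and ts - denied[0] <= window:
                pending = {"user": denied[1], "stopped": ts, "gap_seconds": None}
                findings.append(pending)
            denied = None
        elif proc == "syslogd" and pending:
            pending["gap_seconds"] = int((ts - pending["stopped"]).total_seconds())
            pending = None
    return findings

if __name__ == "__main__":
    for f in find_denied_then_syslogd_exit(SAMPLE):
        print(f)
```

On the lines from this report it returns one finding for user 'Test@172.21.16.8 (Local Database)' with a logging gap of 797 seconds.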
