Potential Bug: Read Only User able to crash syslogd service
-
This occurs when a user is assigned to a group with at least the following permissions:
User - Config: Deny Config Write
WebCfg - Status: Logs: SettingsIf the user navigates to Status > System Logs > Settings and they make a change, such as "Log packets matched from the default pass rules put in the ruleset" or "Send log messages to remote syslog server", the GUI will show the settings saved. Upon a refresh you can see these settings were not saved; however, if you check the system log you'll see:
syslogd exiting on signal 15At this point, no further logging will take place.
The syslogd service will show it is running, but it must be restarted in order for logging to resume.When the syslogd service is restarted, the following is logged:
nginx 2024/11/26 08:31:19 [error] 98553#100154: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/logConfirmed across several devices on versions:
pfSense + 23.09.1-RELEASE
pfSense CE 2.7.2-RELEASE -
Mmm, seeing something similar here. Digging....
-
Are you able to test in 24.11?
Do you actually see the config change?
Testing here the denied user is still to make changes to the running syslog conf file which shouldn't happen.
-
Ah Ok, replicated this! There are at least 3 bugs here. Fun*
Incoming...
-
