Netgate Discussion Forum

    Potential Bug: Read Only User able to crash syslogd service

    • Avg-IT-Guy

      This occurs when a user is assigned to a group with at least the following permissions:

      User - Config: Deny Config Write
      WebCfg - Status: Logs: Settings

      If the user navigates to Status > System Logs > Settings and they make a change, such as "Log packets matched from the default pass rules put in the ruleset" or "Send log messages to remote syslog server", the GUI will show the settings saved. Upon a refresh you can see these settings were not saved; however, if you check the system log you'll see:

      syslogd		exiting on signal 15
      

      At this point, no further logging will take place.
      The syslogd service will show it is running, but it must be restarted in order for logging to resume.

      When the syslogd service is restarted, the following is logged:

      nginx		2024/11/26 08:31:19 [error] 98553#100154: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/log
      

      Confirmed across several devices on versions:

      pfSense + 23.09.1-RELEASE
      pfSense CE 2.7.2-RELEASE

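The post above notes that the service status still shows syslogd as running after this failure, so the log file itself is the more reliable signal. The following is an added example, not part of the original post and not pfSense code: a shell function that classifies a log file by whether anything was written after the last `exiting on signal 15` entry. The BSD-style line layout, the host name `fw` and the five-minute threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify a syslog file by what follows
# the most recent "syslogd ... exiting on signal 15" entry.
#   ok          no exit entry, or lines were written after it
#   restarting  exit entry is the last line, but the file changed recently
#               (any ordinary syslogd restart also logs this entry)
#   stalled     exit entry is the last line and the file has gone quiet
# usage: syslog_state LOGFILE [STALE_MINUTES]   (default threshold is assumed)
syslog_state() {
    log=$1
    stale_min=${2:-5}
    [ -r "$log" ] || { echo "unreadable"; return 2; }

    # Lines written after the last exit entry; -1 when there is no such entry.
    after=$(awk '
        /syslogd.*exiting on signal 15/ { seen = 1; n = 0; next }
        seen { n++ }
        END { print (seen ? n : -1) }
    ' "$log")

    if [ "$after" -ne 0 ]; then
        echo "ok"
    elif [ -n "$(find "$log" -mmin +"$stale_min")" ]; then
        echo "stalled"
    else
        echo "restarting"
    fi
}

# Constructed sample input: BSD-style lines, host name "fw" is made up.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Nov 26 08:29:40 fw kernel: constructed filler line
Nov 26 08:30:02 fw syslogd: exiting on signal 15
EOF
touch -t 202411260830 "$demo"    # backdate the file so it counts as quiet
echo "sample log state: $(syslog_state "$demo")"
rm -f "$demo"
```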
      • stephenw10 Netgate Administrator

        Mmm, seeing something similar here. Digging....

        • stephenw10 Netgate Administrator

          Are you able to test in 24.11?

          Do you actually see the config change?

          Testing here, the denied user is still able to make changes to the running syslog conf file, which shouldn't happen.

          • stephenw10 Netgate Administrator

            Ah Ok, replicated this! There are at least 3 bugs here. Fun*

            Incoming...

            • stephenw10 Netgate Administrator

              https://redmine.pfsense.org/issues/15874

              https://redmine.pfsense.org/issues/15873

              Thanks! 👍

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.