Netgate Discussion Forum

Potential Bug: Read Only User able to crash syslogd service

General pfSense Questions
Tags: permissions, services, logging
    Avg-IT-Guy
    last edited by Nov 26, 2024, 4:54 PM

    This occurs when a user is assigned to a group with at least the following permissions:

    User - Config: Deny Config Write
    WebCfg - Status: Logs: Settings

    If the user navigates to Status > System Logs > Settings and they make a change, such as "Log packets matched from the default pass rules put in the ruleset" or "Send log messages to remote syslog server", the GUI will show the settings saved. Upon a refresh you can see these settings were not saved; however, if you check the system log you'll see:

    syslogd		exiting on signal 15
    

    At this point, no further logging will take place.
    The syslogd service will show it is running, but it must be restarted in order for logging to resume.

    When the syslogd service is restarted, the following is logged:

    nginx		2024/11/26 08:31:19 [error] 98553#100154: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/log
    

    Confirmed across several devices on versions:

    pfSense + 23.09.1-RELEASE
    pfSense CE 2.7.2-RELEASE

      stephenw10 Netgate Administrator
      last edited by Nov 26, 2024, 11:15 PM

      Mmm, seeing something similar here. Digging....

        stephenw10 Netgate Administrator
        last edited by Nov 26, 2024, 11:30 PM

        Are you able to test in 24.11?

        Do you actually see the config change?

        Testing here, the denied user is still able to make changes to the running syslog conf file, which shouldn't happen.

          stephenw10 Netgate Administrator
          last edited by Nov 26, 2024, 11:38 PM

          Ah Ok, replicated this! There are at least 3 bugs here. Fun*

          Incoming...

            stephenw10 Netgate Administrator
            last edited by Nov 27, 2024, 12:02 AM

            https://redmine.pfsense.org/issues/15874

            https://redmine.pfsense.org/issues/15873

            Thanks! 👍

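Added example, not part of the thread and not Netgate's code: the first post notes that syslogd still shows as running after it has stopped logging, so a process-status check misses the failure, while a canary that writes a unique marker and looks for it in the log does not. The log path `/var/log/system.log`, the `logcanary` tag, and the function names are assumptions.

```shell
#!/bin/sh
# Canary check for a syslogd that reports "running" but no longer logs.
# Assumptions (not from the thread): log path, logcanary tag, function names.

LOGFILE="${LOGFILE:-/var/log/system.log}"   # assumed plain-text system log
WAIT_SECS="${WAIT_SECS:-3}"                 # how long to wait for the marker
CANARY_SEQ=0                                # keeps markers unique within one run

# Default sender: hand the marker to the local syslog socket via logger(1).
send_marker() {
    logger -t logcanary "$1"
}

# canary_check FILE [SENDER]
# Sends a fresh unique marker and returns 0 if it reaches FILE,
# 1 if it never shows up (logging is dead, whatever the service status says).
canary_check() {
    file="$1"
    sender="${2:-send_marker}"
    CANARY_SEQ=$((CANARY_SEQ + 1))
    marker="canary-$$-$(date +%s)-$CANARY_SEQ"
    "$sender" "$marker" 2>/dev/null || true
    i=0
    while [ "$i" -le "$WAIT_SECS" ]; do
        if grep -qF -- "$marker" "$file" 2>/dev/null; then
            return 0
        fi
        i=$((i + 1))
        sleep 1
    done
    return 1
}

# sigterm_seen FILE
# Returns 0 if the shutdown line quoted in the first post is present in FILE.
sigterm_seen() {
    grep -Eq 'syslogd.*exiting on signal 15' "$1" 2>/dev/null
}

# Typical use from cron or a monitoring agent:
#   canary_check "$LOGFILE" || echo "syslog pipeline is not writing to $LOGFILE"
```

Run it from a monitoring host or cron job and alert on a non-zero return; `sigterm_seen` helps tell this failure apart from other causes of silence.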
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.