The on-dhcp-event.sh script is run by isc-dhcp, which runs as nobody:nobody.
That means the sudo is impossible to happen and will generate a security even in the log:
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- 1.3
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Bug (incorrect behavior)
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T2464 DNS bugs (parent task) | |||
| Resolved | BUG | kroy | T2465 DHCP isn't updating host file when hostfile-update enabled. | ||
| Resolved | BUG | kroy | T2483 DHCP most likely not restarting pdns_recursor |
Event Timeline
Comment Actions
This is related to this change:
https://github.com/vyos/vyos-1x/commit/3fef9d2d71eaae0b862f114fafc756b1706f0e6d
As well as the other ticket about the socket.
Comment Actions
Not really, the change to nobody:nogroup was by c-po in https://github.com/vyos/vyos-1x/commit/f371946044696737d1649d9119665b96430d2328
The commit by me you referenced just fixed a bug that resulted from that change.
Comment Actions
I think this should be fixed by the one that broke this, or no? I don't have the time to do any real work right now. Maybe in a week or 2.
Comment Actions
No worries. I think I've got a simple fix for this. Just needed to step away for a bit
Comment Actions
The above PR419 did not fix the issue as a wrong pdns-recursor process name was used (its real name is 'pdns-rec/worker'). It was fixed as part of T2486.