The on-dhcp-event.sh script is run by isc-dhcp, which runs as nobody:nobody.
That means the sudo is impossible to happen and will generate a security even in the log:
The on-dhcp-event.sh script is run by isc-dhcp, which runs as nobody:nobody.
That means the sudo is impossible to happen and will generate a security even in the log:
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T2464 DNS bugs (parent task) | |||
Resolved | BUG | kroy | T2465 DHCP isn't updating host file when hostfile-update enabled. | ||
Resolved | BUG | kroy | T2483 DHCP most likely not restarting pdns_recursor |
This is related to this change:
https://github.com/vyos/vyos-1x/commit/3fef9d2d71eaae0b862f114fafc756b1706f0e6d
As well as the other ticket about the socket.
Not really, the change to nobody:nogroup was by c-po in https://github.com/vyos/vyos-1x/commit/f371946044696737d1649d9119665b96430d2328
The commit by me you referenced just fixed a bug that resulted from that change.
I think this should be fixed by the one that broke this, or no? I don't have the time to do any real work right now. Maybe in a week or 2.
No worries. I think I've got a simple fix for this. Just needed to step away for a bit
The above PR419 did not fix the issue as a wrong pdns-recursor process name was used (its real name is 'pdns-rec/worker'). It was fixed as part of T2486.