function piholeStatus() is flooding syslog with www-data sudo to root messages

[thelner]

Versions

Pi-hole version is v5.9 (Latest: v5.9)
AdminLTE version is v5.11 (Latest: v5.11)
FTL version is v5.14 (Latest: v5.14)

Platform

• OS and version:
  Debian GNU/Linux 11 (Raspberry Pi OS (64-bit))

• Platform:
  Raspberry Pi 4

Actual behavior / bug

With the addition of "Use piholeStatus() in header.php #2062", every time "function piholeStatus()" (scripts/pi-hole/php/func.php) is called, this is written to the systemd journal once per second the entire time the pi-hole web page is loaded:

Feb 15 12:11:50 pihole4 sudo[120279]: www-data : PWD=/var/www/html/admin ; USER=root ; COMMAND=/usr/local/bin/pihole status web
Feb 15 12:11:50 pihole4 sudo[120279]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=33)
Feb 15 12:11:50 pihole4 sudo[120279]: pam_unix(sudo:session): session closed for user root

This is not only flooding the systemd journal but causing high system loads because of IO wait.

Steps to reproduce

Steps to reproduce the behavior:

1. Load Pi-Hole webpage
2. View systemd journal: $ sudo journalctl -xe

Debug Token

https://tricorder.pi-hole.net/YqF94i7Y/

Additional Info

To temporarily solve this, I edited scripts/pi-hole/php/func.php to stop calling pihole_execute('status web'):

function piholeStatus()
{
// Receive the return of "pihole status web"
// $pistatus = pihole_execute('status web');
$pistatus = '53';
return isset($pistatus[0]) ? intval($pistatus[0]) : -2;
}

[zoqaeski]

I've also noticed this behaviour since the new update.

[yubiuser]

I can confirm the behavior but I'm not sure if this is new. Before pi-hole/AdminLTE#2062 header.php directly called pihole_execute('status web'). Now it calls piholeStatus() in func.php which itself also only calls pihole_execute('status web')

https://github.com/pi-hole/AdminLTE/blob/64bbce906b31c213183db7b6f0547513423e4bbf/scripts/pi-hole/php/func.php#L487-L491

[yubiuser]

I think the "real" issue is a more general one: the pihole script checks for root privileges right at the start and not only for functions that need it. E.g. pihole status and pihole -h should not require root access. See #2927

[pralor-bot]

This issue has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-spamming-auth-log/53637/2

[github-actions]

This issue is stale because it has been open 30 days with no activity. Please comment or update this issue or it will be closed in 5 days.

[yubiuser]

Should be mitigated by pi-hole/AdminLTE#2126