Actions
Bug #14950
closedkeyring permisions for mon deamon
% Done:
0%
Description
The command:
sudo ceph-mon --cluster ceph --mkfs -i ceph-node3 --keyring /var/lib/ceph/tmp/ceph-ceph-node3.mon.keyring
Writes a new keyring with permissions set to "0644".
If I was administering a ceph cluster I would not let users on to the cluster, but others might. Hence this is a serious security flaw suitable for a CVE.
This bug is present in all released versions of ceph I have tested from master to firefly.
I will send a patch in a few mins to resolve this.
Updated by Nathan Cutler about 8 years ago
Note: the PR containing the above commit is https://github.com/ceph/ceph/pull/7880
Updated by Kefu Chai about 8 years ago
- Status changed from New to Fix Under Review
- Assignee set to Owen Synge
Updated by Kefu Chai about 8 years ago
- Status changed from Fix Under Review to Resolved
Updated by Kefu Chai about 8 years ago
- Backport set to hammer, infernalis, jewel
Updated by Kefu Chai about 8 years ago
- Status changed from Resolved to Pending Backport
Updated by Nathan Cutler about 8 years ago
- Backport changed from hammer, infernalis, jewel to hammer, infernalis
Updated by Nathan Cutler about 8 years ago
- Copied to Backport #15021: infernalis: keyring permisions for mon deamon added
Updated by Nathan Cutler about 8 years ago
- Copied to Backport #15022: hammer: keyring permisions for mon deamon added
Updated by Loïc Dachary over 7 years ago
- Status changed from Pending Backport to Resolved
Actions