Bug #14950
closed
keyring permisions for mon deamon
Added by Owen Synge about 8 years ago.
Updated over 7 years ago.
Backport:
hammer, infernalis
Affected Versions:
v0.80.10,
v0.80.11,
v0.80.12,
v0.94.2,
v0.94.3,
v0.94.4,
v0.94.5,
v0.94.6,
v0.94.7,
v10.0.0,
v9.1.1,
v9.2.1
Description
The command:
sudo ceph-mon --cluster ceph --mkfs -i ceph-node3 --keyring /var/lib/ceph/tmp/ceph-ceph-node3.mon.keyring
Writes a new keyring with permissions set to "0644".
If I was administering a ceph cluster I would not let users on to the cluster, but others might. Hence this is a serious security flaw suitable for a CVE.
This bug is present in all released versions of ceph I have tested from master to firefly.
I will send a patch in a few mins to resolve this.
- Status changed from New to Fix Under Review
- Assignee set to Owen Synge
- Status changed from Fix Under Review to Resolved
- Backport set to hammer, infernalis, jewel
- Status changed from Resolved to Pending Backport
- Backport changed from hammer, infernalis, jewel to hammer, infernalis
- Copied to Backport #15021: infernalis: keyring permisions for mon deamon added
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF