Project

General

Profile

Bug #16358

Session::check_access() is buggy

Added by Zheng Yan almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Security Model
Target version:
-
Start date:
06/17/2016
Due date:
% Done:

0%

Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:

Description

It calls CInode::make_path_string(path, false, in->get_projected_parent_dn()). The second argument 'false' makes the third argument useless. For newly created inode, the returned path is something like #1xxxxxxxxx. This can cause the access check fails.


Related issues

Copied to fs - Backport #16515: jewel: Session::check_access() is buggy Resolved

History

#1 Updated by Zheng Yan almost 3 years ago

  • Status changed from New to Need Review

#2 Updated by Greg Farnum over 2 years ago

  • Status changed from Need Review to Resolved

#3 Updated by John Spray over 2 years ago

  • Status changed from Resolved to Pending Backport

Seems like this could be serious enough to backport (Zheng: this could happen in normal use, right?)

#4 Updated by Greg Farnum over 2 years ago

Whoops, yes. Luckily only for users of hard links, but that's good enough reason!

#5 Updated by Zheng Yan over 2 years ago

Yes, it could happen for normal case (newly created file). We should backport it

#6 Updated by Loic Dachary over 2 years ago

  • Backport set to jewel

#7 Updated by Loic Dachary over 2 years ago

#8 Updated by Greg Farnum over 2 years ago

  • Category set to Security Model

#9 Updated by Loic Dachary over 2 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF