Bug #21244

closed

way too relaxed syntax checking in ceph auth commands can lead to exploit or used as attack vector?

Added by Pietari Hyvärinen over 6 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Monitor
Target version: -
% Done: 0%
Regression: No
Severity: 3 - minor

Description

It seems that you can fill whatever strings to auth caps without any warnings.

  1. ceph auth caps client.nova-test osd "rwx pool=cinder-devel,allow kamalaa_with_huge_string_than_can_contain_malicious_strings_ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd pool=whatever"

updated caps for client.nova-test

For write, read and execute flags, the system expects that it can find rwx in the right order, not in rxw or wrx.
I believe that this functionality is part of this area of the code https://github.com/ceph/ceph/blob/master/src/mon/MonCommands.h

Actions #1

Updated by Josh Durgin over 6 years ago

The monitors don't interpret the caps strings - that's done by the relevant daemon since e.g. the osds may be at a different version. See https://github.com/ceph/ceph/blob/master/src/osd/OSDCap.cc#L285 . Since the capabilities are whitelists, incoherent strings simply mean no permissions. Setting capabilities is generally not allowed by usual client user permissions, but if you see some problem we could e.g. add a maximum size for the string if that's missing.
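
A simplified model of the behaviour described in the comment above, as an added example that is not part of the thread and is not Ceph's parser. The grant grammar (`allow <perms> [pool=<name>]`), the `MAX_CAP_LEN` value and the function names are assumptions; it shows a fail-closed allowlist parse in which a malformed or oversized caps string yields no grants.

```python
import re
from typing import List, Optional, Tuple

MAX_CAP_LEN = 1024  # assumed limit; the thread only suggests that one could be added

# Simplified grant model (assumption): "allow <perms> [pool=<name>]".
# Flags are accepted only in r, w, x order, matching the behaviour in the report.
_GRANT = re.compile(
    r"allow\s+(?P<perms>\*|rwx|rw|rx|wx|r|w|x)"
    r"(?:\s+pool=(?P<pool>[A-Za-z0-9_.-]+))?"
)

Grant = Tuple[str, Optional[str]]


def parse_osd_caps(caps: str) -> List[Grant]:
    """Return the (perms, pool) grants, or [] if the string is oversized or malformed."""
    if len(caps) > MAX_CAP_LEN:
        return []
    grants = []
    for part in caps.split(","):
        m = _GRANT.fullmatch(part.strip())
        if m is None:
            return []  # fail closed: one bad grant voids the whole string
        grants.append((m.group("perms"), m.group("pool")))
    return grants


def is_allowed(caps: str, pool: str, op: str) -> bool:
    """Allowlist check: op ('r', 'w' or 'x') on pool is permitted only if a grant says so."""
    return any(
        (perms == "*" or op in perms) and (grant_pool in (None, pool))
        for perms, grant_pool in parse_osd_caps(caps)
    )


# Constructed sample shaped like the string in the report (filler shortened).
REPORTED = "rwx pool=cinder-devel,allow kamalaa_filler pool=whatever"

if __name__ == "__main__":
    for caps in ("allow rwx pool=cinder-devel", "allow rxw pool=cinder-devel", REPORTED):
        print(repr(caps), "->", parse_osd_caps(caps))
```

Running the same check before calling `ceph auth caps` would flag a string that the monitor stores without complaint but that grants nothing.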

Actions #2

Updated by Sage Weil almost 3 years ago

  • Status changed from New to Closed