Bug #21244: way too relaxed syntax checking in ceph auth commands can lead to exploit or used as attack vector? - Ceph - Ceph

Actions

Copy link

Bug #21244

closed

way too relaxed syntax checking in ceph auth commands can lead to exploit or used as attack vector?

Added by Pietari Hyvärinen over 6 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Monitor

Target version:

% Done:

Source:

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

It seams that you can fill whatever strings to auth caps without any warnings.

ceph auth caps client.nova-test osd "rwx pool=cinder-devel,allow kamalaa_with_huge_string_than_can_contain_malicious_strings_ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd pool=whatever"

updated caps for client.nova-test

for write read and execute flags, the system expects that it can find rwx in right order, not in rxw or wrx.
I believe that this functionality is part of this area of the code https://github.com/ceph/ceph/blob/master/src/mon/MonCommands.h

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph

Custom queries

Bug #21244

way too relaxed syntax checking in ceph auth commands can lead to exploit or used as attack vector?

Updated by Josh Durgin over 6 years ago

Updated by Sage Weil about 3 years ago