Project

General

Profile

Actions
Copy link

Bug #3226

closed

osd: invalid capability string can allow arbitrary access

Added by Josh Durgin over 11 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Josh Durgin
Category:
OSD
Target version:
v0.54a
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

If you use the cap osd 'allow rwx pool=bar', the parser will add the grant for 'allow rwx', but fail to parse the 'foo=bar' part without clearing the grants.

Actions
Copy link
 #1

Updated by Josh Durgin over 11 years ago

The first commit in wip-osd-caps fixes this.

Actions
Copy link
 #2

Updated by Josh Durgin over 11 years ago

  • Target version set to v0.54a
Actions
Copy link
 #3

Updated by Josh Durgin over 11 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #4

Updated by Josh Durgin over 11 years ago

  • Backport deleted (argonaut)

Argonaut does not have this bug. It was introduced in a post-argonaut refactoring of OSDCaps.

Actions
Copy link

Also available in: Atom PDF