Bug #16358
Session::check_access() is buggy
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Security Model
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
It calls CInode::make_path_string(path, false, in->get_projected_parent_dn()). The second argument 'false' makes the third argument useless. For newly created inode, the returned path is something like #1xxxxxxxxx. This can cause the access check fails.
Related issues
History
#1 Updated by Zheng Yan almost 8 years ago
- Status changed from New to Fix Under Review
#2 Updated by Greg Farnum over 7 years ago
- Status changed from Fix Under Review to Resolved
#3 Updated by John Spray over 7 years ago
- Status changed from Resolved to Pending Backport
Seems like this could be serious enough to backport (Zheng: this could happen in normal use, right?)
#4 Updated by Greg Farnum over 7 years ago
Whoops, yes. Luckily only for users of hard links, but that's good enough reason!
#5 Updated by Zheng Yan over 7 years ago
Yes, it could happen for normal case (newly created file). We should backport it
#6 Updated by Loïc Dachary over 7 years ago
- Backport set to jewel
#7 Updated by Loïc Dachary over 7 years ago
- Copied to Backport #16515: jewel: Session::check_access() is buggy added
#8 Updated by Greg Farnum over 7 years ago
- Category set to Security Model
#9 Updated by Loïc Dachary over 7 years ago
- Status changed from Pending Backport to Resolved