Project

General

Profile

Bug #16358

Session::check_access() is buggy

Added by Zheng Yan almost 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Security Model
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

It calls CInode::make_path_string(path, false, in->get_projected_parent_dn()). The second argument 'false' makes the third argument useless. For newly created inode, the returned path is something like #1xxxxxxxxx. This can cause the access check fails.


Related issues

Copied to CephFS - Backport #16515: jewel: Session::check_access() is buggy Resolved

History

#1 Updated by Zheng Yan almost 8 years ago

  • Status changed from New to Fix Under Review

#2 Updated by Greg Farnum over 7 years ago

  • Status changed from Fix Under Review to Resolved

#3 Updated by John Spray over 7 years ago

  • Status changed from Resolved to Pending Backport

Seems like this could be serious enough to backport (Zheng: this could happen in normal use, right?)

#4 Updated by Greg Farnum over 7 years ago

Whoops, yes. Luckily only for users of hard links, but that's good enough reason!

#5 Updated by Zheng Yan over 7 years ago

Yes, it could happen for normal case (newly created file). We should backport it

#6 Updated by Loïc Dachary over 7 years ago

  • Backport set to jewel

#7 Updated by Loïc Dachary over 7 years ago

#8 Updated by Greg Farnum over 7 years ago

  • Category set to Security Model

#9 Updated by Loïc Dachary over 7 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF