Bug #20217: cephfs can be mounted even when keyring is modified - Ceph - Ceph

Actions

Copy link

Bug #20217

closed

cephfs can be mounted even when keyring is modified

Added by xiaomeng tu almost 7 years ago. Updated almost 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Target version:

v10.2.7

% Done:

Source:

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

v10.2.7

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

Modified the last letter of keyring, cephfs can be mounted with this wrong keyring and write/read operation is also allowed.

For example the original keyring is:
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcw==

the modified keyring is:
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcx==

or
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcy==

A change pattern seems like change the "w" to "x" or "A" to "B", which always work.
Numbers of keyrings are tested and the problem remains.

How does ceph cluster verify the client's keyring, is it a 100% comparison?

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph

Custom queries

Bug #20217

cephfs can be mounted even when keyring is modified

Updated by xiaomeng tu almost 7 years ago

Updated by Nathan Cutler almost 7 years ago

Updated by Greg Farnum almost 7 years ago