Actions
Bug #20217
closedcephfs can be mounted even when keyring is modified
% Done:
0%
Source:
Tags:
fs
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Description
Modified the last letter of keyring, cephfs can be mounted with this wrong keyring and write/read operation is also allowed.
For example the original keyring is:
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcw==
the modified keyring is:
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcx==
or
AQD6wjRZQPEcORAAeXPNPkN36VEiwc7Y/OBZcy==
A change pattern seems like change the "w" to "x" or "A" to "B", which always work.
Numbers of keyrings are tested and the problem remains.
How does ceph cluster verify the client's keyring, is it a 100% comparison?
Actions