Actions
Bug #21244
closedway too relaxed syntax checking in ceph auth commands can lead to exploit or used as attack vector?
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Monitor
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
It seams that you can fill whatever strings to auth caps without any warnings.
- ceph auth caps client.nova-test osd "rwx pool=cinder-devel,allow kamalaa_with_huge_string_than_can_contain_malicious_strings_ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd pool=whatever"
updated caps for client.nova-test
for write read and execute flags, the system expects that it can find rwx in right order, not in rxw or wrx.
I believe that this functionality is part of this area of the code https://github.com/ceph/ceph/blob/master/src/mon/MonCommands.h
Actions