Project

General

Profile

Bug #3066

impermissible OSD ops get dropped on the floor

Added by Greg Farnum about 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OSD
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
No
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Right now, an OSD operation that has insufficient permissions gets dropped without an EPERM error being sent back. I can't think of any good DoS reasons to do something like that, and the user experience (eg, using the wrong key, or having messed up granted permissions) can be really terrible, so fix!

It's actually a really simple patch but I'm working on other things and don't want to sidetrack myself into validating it right now — just fix up the couple places that call op_has_sufficient_caps() to call service.reply_op_error(op, -EPERM) before returning.

Associated revisions

Revision a73777a9 (diff)
Added by Sage Weil about 8 years ago

osd: return -EPERM on insufficient caps

Send a failure to the client instead of dropping the request on the floor.

Fixes: #3066
Signed-off-by: Sage Weil <>

History

#1 Updated by Sage Weil over 7 years ago

  • Status changed from New to Resolved

Also available in: Atom PDF