Bug #3226: osd: invalid capability string can allow arbitrary access - Ceph - Ceph

Bug #3226

osd: invalid capability string can allow arbitrary access

Added by Josh Durgin over 10 years ago. Updated over 10 years ago.

Status:

Resolved

Priority:

Urgent

Assignee:

Josh Durgin

Category:

OSD

Target version:

v0.54a

% Done:

Source:

Development

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

If you use the cap osd 'allow rwx pool=bar', the parser will add the grant for 'allow rwx', but fail to parse the 'foo=bar' part without clearing the grants.

History

#1 Updated by Josh Durgin over 10 years ago

The first commit in wip-osd-caps fixes this.

#2 Updated by Josh Durgin over 10 years ago

Target version set to v0.54a

Fixed by 303f640ce561c22a85a16b49585a22115273f790

#3 Updated by Josh Durgin over 10 years ago

Status changed from Fix Under Review to Resolved

#4 Updated by Josh Durgin over 10 years ago

Backport deleted (~~argonaut~~)

Argonaut does not have this bug. It was introduced in a post-argonaut refactoring of OSDCaps.

Also available in: Atom PDF

Project

General

Profile

Ceph

Issues

Tags

Custom queries