Bug #43268
Restrict admin socket commands more from the Ceph tool
Status: New
Priority: High
Assignee: -
Category: Security
Target version: -
% Done: 0%
Source:
Tags: medium-hanging-fruit
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
https://bugzilla.redhat.com/show_bug.cgi?id=1780458
It sounds like we've given admin socket access to any cephx user who has mon w permissions, which isn't really sufficient. They can for instance now force monitor elections on-demand!