Bug #43268: Restrict admin socket commands more from the Ceph tool - RADOS - Ceph

Actions

Copy link

Bug #43268

open

Restrict admin socket commands more from the Ceph tool

Added by Greg Farnum over 4 years ago. Updated over 1 year ago.

Status:

New

Priority:

High

Assignee:

Category:

Security

Target version:

% Done:

Source:

Tags:

medium-hanging-fruit

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Component(RADOS):

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

https://bugzilla.redhat.com/show_bug.cgi?id=1780458

It sounds like we've given admin socket access to any cephx user who has mon w permissions, which isn't really sufficient. They can for instance now force monitor elections on-demand!

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » RADOS

Custom queries

Bug #43268

Restrict admin socket commands more from the Ceph tool

Updated by Greg Farnum about 2 years ago

Updated by Radoslaw Zarzynski about 2 years ago

Updated by Greg Farnum over 1 year ago

Updated by Radoslaw Zarzynski over 1 year ago