Project

General

Profile

Bug #48555

pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client

Added by Patrick Donnelly about 1 month ago. Updated 14 days ago.

Status:
Resolved
Priority:
Normal
Category:
-
Target version:
% Done:

0%

Source:
Community (dev)
Tags:
Backport:
octopus,nautilus,luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
VolumeClient
Labels (FS):
Pull request ID:
Crash signature:

Related issues

Copied to CephFS - Backport #48637: octopus: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client Resolved
Copied to CephFS - Backport #48638: nautilus: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client Resolved
Copied to CephFS - Backport #48639: luminous: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client Resolved

History

#2 Updated by Patrick Donnelly about 1 month ago

  • Status changed from Fix Under Review to Resolved

Backports done manually.

#3 Updated by Patrick Donnelly about 1 month ago

  • Status changed from Resolved to Pending Backport

#4 Updated by Patrick Donnelly about 1 month ago

  • Private changed from Yes to No

#5 Updated by Patrick Donnelly about 1 month ago

commit c6121e48ecb7224e5addf4b5fdeb64907a8d8683 upstream/heads/master
Merge: 9838e03b012 aa4beb3d993
Author: Patrick Donnelly <pdonnell@redhat.com>
Date:   Wed Dec 16 08:19:21 2020 -0800

    Merge branch 'CVE-2020-27781' into master

    * CVE-2020-27781:
      tasks/cephfs/test_volume_client: Add tests for authorize/deauthorize
      pybind/ceph_volume_client: Optionally authorize existing auth-ids
      pybind/ceph_volume_client: Preserve existing caps while authorize/deauthorize auth-id
      pybind/ceph_volume_client: Disallow authorize auth_id

#6 Updated by Backport Bot about 1 month ago

  • Copied to Backport #48637: octopus: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client added

#7 Updated by Backport Bot about 1 month ago

  • Copied to Backport #48638: nautilus: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client added

#8 Updated by Patrick Donnelly about 1 month ago

  • Backport changed from octopus,nautilus to octopus,nautilus,luminous

#9 Updated by Backport Bot about 1 month ago

  • Copied to Backport #48639: luminous: pybind/ceph_volume_client: allows authorize on auth_ids not created through ceph_volume_client added

#10 Updated by Nathan Cutler 14 days ago

  • Status changed from Pending Backport to Resolved

While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".

Also available in: Atom PDF