Bug #57967: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) - Ceph - Ceph

Bug #57967

ceph-crash service should run as unprivileged user, not root (CVE-2022-3650)

Added by Tim Serong 3 months ago. Updated 3 months ago.

Status:

Pending Backport

Priority:

Normal

Assignee:

Tim Serong

Category:

Target version:

% Done:

Source:

Tags:

backport_processed

Backport:

quincy,pacific

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

48713

Crash signature (v1):

Crash signature (v2):

Description

As reported at https://www.openwall.com/lists/oss-security/2022/10/25/1, ceph-crash runs as root, which makes it vulnerable to a potential ceph user to root privilege escalation. This is fixable by making the ceph-crash process drop privileges and run as the ceph user, just as the other ceph daemons do.

Related issues

History

#1 Updated by Tim Serong 3 months ago

Status changed from New to Fix Under Review
Pull request ID set to 48713

#2 Updated by Tim Serong 3 months ago

Status changed from Fix Under Review to Pending Backport

#3 Updated by Backport Bot 3 months ago

Copied to Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added

#4 Updated by Backport Bot 3 months ago

Copied to Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added

#5 Updated by Backport Bot 3 months ago

Tags set to backport_processed

Also available in: Atom PDF

	Copied to Ceph - Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650)	In Progress
	Copied to Ceph - Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650)	In Progress

Project

General

Profile

Ceph

Issues

Tags

Custom queries