Actions
Bug #57967
closedceph-crash service should run as unprivileged user, not root (CVE-2022-3650)
% Done:
0%
Source:
Tags:
backport_processed
Backport:
quincy,pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
As reported at https://www.openwall.com/lists/oss-security/2022/10/25/1, ceph-crash runs as root, which makes it vulnerable to a potential ceph user to root privilege escalation. This is fixable by making the ceph-crash process drop privileges and run as the ceph user, just as the other ceph daemons do.
Updated by Tim Serong over 1 year ago
- Status changed from New to Fix Under Review
- Pull request ID set to 48713
Updated by Tim Serong over 1 year ago
- Status changed from Fix Under Review to Pending Backport
Updated by Backport Bot over 1 year ago
- Copied to Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added
Updated by Backport Bot over 1 year ago
- Copied to Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added
Updated by Konstantin Shalygin 9 months ago
- Status changed from Pending Backport to Resolved
Actions