Project

General

Profile

Bug #57967

ceph-crash service should run as unprivileged user, not root (CVE-2022-3650)

Added by Tim Serong 3 months ago. Updated 3 months ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
backport_processed
Backport:
quincy,pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

As reported at https://www.openwall.com/lists/oss-security/2022/10/25/1, ceph-crash runs as root, which makes it vulnerable to a potential ceph user to root privilege escalation. This is fixable by making the ceph-crash process drop privileges and run as the ceph user, just as the other ceph daemons do.


Related issues

Copied to Ceph - Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) In Progress
Copied to Ceph - Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) In Progress

History

#1 Updated by Tim Serong 3 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 48713

#2 Updated by Tim Serong 3 months ago

  • Status changed from Fix Under Review to Pending Backport

#3 Updated by Backport Bot 3 months ago

  • Copied to Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added

#4 Updated by Backport Bot 3 months ago

  • Copied to Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added

#5 Updated by Backport Bot 3 months ago

  • Tags set to backport_processed

Also available in: Atom PDF