Actions
Bug #57967
closedceph-crash service should run as unprivileged user, not root (CVE-2022-3650)
% Done:
0%
Source:
Tags:
backport_processed
Backport:
quincy,pacific
Regression:
No
Severity:
3 - minor
Reviewed:
Description
As reported at https://www.openwall.com/lists/oss-security/2022/10/25/1, ceph-crash runs as root, which makes it vulnerable to a potential ceph user to root privilege escalation. This is fixable by making the ceph-crash process drop privileges and run as the ceph user, just as the other ceph daemons do.
Actions