Bug #59109

closed

All RGW services down with bucket misconfiguration

Added by Pablo Higueras about 1 year ago. Updated about 1 year ago.

Status: Duplicate
Priority: Normal
Assignee: -
% Done: 0%
Regression: No
Severity: 3 - minor
ceph-qa-suite: rgw

Description

Recently we came across a potential DoS in our RGW service. We found this issue while setting up the bucket of a backup job. The problem was that using "s3://bucket" instead of "bucket" made all of our RGW services go down.

We tried out this situation with several tools, and this problem seems real, since we experienced it with most of them; those which had parameter control didn't.

RCLONE:
Only with users created with "--system" flag

S3CMD:
With all users

AWS S3:
It has parameter control and doesn't happen

For example:

This will knock RGW service down:

$ rclone copy /mnt/backup system_user:s3://bucket -P
$ s3cmd --config=system_user put /mnt/backup.zip s3://s3://bucket
$ s3cmd --config=normal_user put /mnt/backup.zip s3://s3://bucket

This won't:

$ rclone copy /mnt/backup system_user:bucket
$ rclone copy /mnt/backup normal_user:s3://bucket
$ rclone copy /mnt/backup normal_user:bucket
$ s3cmd --config=system_user put /mnt/backup.zip s3://bucket
$ s3cmd --config=normal_user put /mnt/backup.zip s3://bucket
$ aws s3 cp /mnt/backup.zip s3://bucket --endpoint-url=https://ceph-cluster.domain.com --profile system_user
$ aws s3 cp /mnt/backup.zip s3://bucket --endpoint-url=https://ceph-cluster.domain.com --profile normal_user
$ aws s3 cp /mnt/backup.zip s3://s3://bucket --endpoint-url=https://ceph-cluster.domain.com --profile system_user
$ aws s3 cp /mnt/backup.zip s3://s3://bucket --endpoint-url=https://ceph-cluster.domain.com --profile normal_user
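As an added example (not part of the original report or of Ceph's own code), a client-side validator for the destinations shown above: it rejects the malformed `s3://s3://bucket` and `remote:s3://bucket` forms before a backup job sends any request to RGW. The naming rules applied are the standard Amazon S3 bucket rules; how RGW itself validates bucket names is not stated in the report.

```python
import ipaddress
import re
from typing import Optional

# Amazon S3 bucket naming rules: 3-63 chars, lowercase letters, digits, dots
# and hyphens, starting and ending with a letter or digit, no adjacent dots,
# and not formatted like an IPv4 address. (Assumption: RGW's own checks may
# differ; this is a client-side gate, not a description of RGW's behaviour.)
_BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def bucket_name_error(name: str) -> Optional[str]:
    """Return None if `name` is a valid bucket name, else a reason string."""
    if not _BUCKET_RE.fullmatch(name):
        return f"bucket name {name!r} violates S3 naming rules"
    if ".." in name:
        return f"bucket name {name!r} contains adjacent dots"
    try:
        ipaddress.IPv4Address(name)
    except ValueError:
        return None
    return f"bucket name {name!r} is formatted like an IP address"


def s3_target_error(target: str) -> Optional[str]:
    """Validate an 's3://bucket[/key]' destination as typed for s3cmd or aws.

    A doubled prefix such as 's3://s3://bucket' yields the bucket 's3:', which
    fails the naming check, so the job stops before any request is sent."""
    if not target.startswith("s3://"):
        return f"target {target!r} does not start with s3://"
    bucket = target[len("s3://"):].partition("/")[0]
    return bucket_name_error(bucket)


def rclone_target_error(target: str) -> Optional[str]:
    """Validate an rclone 'remote:bucket[/path]' destination.

    'system_user:s3://bucket' splits into remote 'system_user' and path
    's3://bucket', whose first segment 's3:' is not a legal bucket name."""
    remote, sep, path = target.partition(":")
    if not sep or not remote:
        return f"target {target!r} is not of the form remote:bucket[/path]"
    return bucket_name_error(path.partition("/")[0])
```

Run the check on the job's configured destination and refuse to start the transfer when it returns a reason string.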

Actions #1

Updated by Casey Bodley about 1 year ago

  • Status changed from New to Duplicate
