pacific: ceph-crash: drop privleges to run as "ceph" user, rather than root (CVE-2022-3650)#48804
Merged
yuriw merged 6 commits intoceph:pacificfrom Feb 16, 2023
Merged
Conversation
This reverts commit 432c766. unused but required: ``` Traceback (most recent call last): File "/usr/bin/ceph-crash", line 102, in <module> main() File "/usr/bin/ceph-crash", line 98, in main time.sleep(args.delay * 60) TypeError: handler() takes exactly 1 argument (2 given) ``` Fixes: https://tracker.ceph.com/issues/54422 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 02e8e7d)
ceph-crash.in:21:1: E302 expected 2 blank lines, found 1 ceph-crash.in:32:80: E501 line too long (86 > 79 characters) ceph-crash.in:82:1: E302 expected 2 blank lines, found 1 ceph-crash.in:86:1: E302 expected 2 blank lines, found 1 Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 0aee769)
Member
Author
|
Additional trivial cleanup commits avoid cherry-pick conflicts |
If privileges cannot be dropped, log an error and exit. This commit also catches and logs exceptions when scraping the crash path, without which ceph-crash would just exit if it encountered an error. Fixes: CVE-2022-3650 Fixes: https://tracker.ceph.com/issues/57967 Signed-off-by: Tim Serong <tserong@suse.com> (cherry picked from commit 130c962)
66a72f7 to
d2a9a53
Compare
Member
Author
|
jenkins test api |
1 similar comment
Member
Author
|
jenkins test api |
Fixes: https://tracker.ceph.com/issues/58098 Signed-off-by: Tim Serong <tserong@suse.com> (cherry picked from commit 93c0456)
This is to aid in debugging in case crashes aren't posted as expected (see https://tracker.ceph.com/issues/58098 for discussion). Signed-off-by: Tim Serong <tserong@suse.com> (cherry picked from commit d139f6d)
ljflores
approved these changes
Jan 27, 2023
ktdreyer
approved these changes
Feb 15, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
backport tracker: https://tracker.ceph.com/issues/57996
backport of #48713
parent tracker: https://tracker.ceph.com/issues/57967
this backport was staged using ceph-backport.sh version 16.0.0.6848
find the latest version at https://github.com/ceph/ceph/blob/main/src/script/ceph-backport.sh