reef: client: disallow unprivileged users to escalate root privileges#61379
Merged
reef: client: disallow unprivileged users to escalate root privileges#61379
Conversation
An unprivileged user can `chmod 777` a directory owned by root and gain access. Fix this bug and also add a test case for the same. Signed-off-by: Xiubo Li <xiubli@redhat.com> Signed-off-by: Venky Shankar <vshankar@redhat.com>
Contributor
|
jenkins test api |
1 similar comment
Contributor
|
jenkins test api |
Contributor
|
This PR is under test in https://tracker.ceph.com/issues/69881. |
Contributor
|
This PR is under test in https://tracker.ceph.com/issues/70178. |
Contributor
|
This PR is under test in https://tracker.ceph.com/issues/70261. |
Contributor
Author
14 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
An unprivileged user can
chmod 777a directory owned by root and gain access. Fix this bug and also add a test case for the same.Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windowsjenkins test rook e2e