client: disallow unprivileged users to escalate root privileges#62025
Merged
client: disallow unprivileged users to escalate root privileges#62025
Conversation
Contributor
Author
|
This PR is under test in https://tracker.ceph.com/issues/70201. |
eb1111e to
4591302
Compare
Contributor
Author
|
Tests did not run over the weekend. Trigerred it again. |
Contributor
Author
|
This PR is under test in https://tracker.ceph.com/issues/70820. |
Contributor
Author
|
Test runs looks fine. Preparing run wiki and this should get merged soon. |
Contributor
Author
|
jenkins retest this please |
Contributor
Author
|
jenkins test make check |
Contributor
Author
|
jenkins retest this please |
Contributor
Author
Contributor
Author
|
jenkins retest this please |
1 similar comment
Contributor
Author
|
jenkins retest this please |
An unprivileged user can `chmod 777` a directory owned by root and gain access. Fix this bug and also add a test case for the same. Signed-off-by: Xiubo Li <xiubli@redhat.com> Signed-off-by: Venky Shankar <vshankar@redhat.com>
4591302 to
fb1b72d
Compare
Contributor
Author
|
jenkins test make check |
Contributor
Author
|
cc @mchangir for approval. QA run: https://pulpito.ceph.com/?branch=wip-vshankar-testing-20250407.173548-debug |
mchangir
reviewed
May 13, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
An unprivileged user can
chmod 777a directory owned by root and gain access. Fix this bug and also add a test case for the same.Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
xbetween the brackets:[x]. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windowsjenkins test rook e2e