Bug #57967
Status: closed
ceph-crash service should run as unprivileged user, not root (CVE-2022-3650)
% Done: 0%
Backport: quincy,pacific
Regression: No
Severity: 3 - minor
Fixed In: v18.0.0-778-g2b62b893b2a
Released In: v18.2.0~1066
Upkeep Timestamp: 2025-07-12T22:08:57+00:00
Description
As reported at https://www.openwall.com/lists/oss-security/2022/10/25/1, ceph-crash runs as root, which makes it vulnerable to a potential ceph user to root privilege escalation. This is fixable by making the ceph-crash process drop privileges and run as the ceph user, just as the other ceph daemons do.
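The privilege drop described above, as an added example that is not the code from the ceph fix or its pull request. The function name, the `ceph` group name and the injectable `sys_os`/`lookup_*` parameters are assumptions made so the ordering and failure handling can be shown and tested without root.

```python
import grp
import os
import pwd


class PrivilegeDropError(RuntimeError):
    """Raised when the process cannot safely give up root."""


def drop_privileges(user="ceph", group="ceph", sys_os=os,
                    lookup_user=pwd.getpwnam, lookup_group=grp.getgrnam):
    """Permanently switch from root to an unprivileged account.

    Hypothetical helper: the group name "ceph" and the injectable
    sys_os/lookup_* parameters are assumptions made for this example.
    Returns True if privileges were dropped, False if the process was
    not root to begin with. Raises PrivilegeDropError on any failure so
    the caller exits instead of carrying on as root.
    """
    if sys_os.getuid() != 0:
        return False
    try:
        uid = lookup_user(user).pw_uid
        gid = lookup_group(group).gr_gid
    except KeyError as exc:
        raise PrivilegeDropError(f"unknown account: {exc}") from exc
    if uid == 0 or gid == 0:
        raise PrivilegeDropError("target account is root")
    try:
        # Order matters: clearing supplementary groups and changing the
        # gid both need root, so they must happen before setuid().
        sys_os.setgroups([])
        sys_os.setgid(gid)
        sys_os.setuid(uid)
    except OSError as exc:
        raise PrivilegeDropError(f"drop failed: {exc}") from exc
    # Verify the drop is permanent: regaining uid 0 must now fail.
    try:
        sys_os.setuid(0)
    except OSError:
        pass
    else:
        raise PrivilegeDropError("process was able to regain root")
    if sys_os.getuid() != uid or sys_os.getgid() != gid:
        raise PrivilegeDropError("uid/gid were not applied")
    return True
```

A daemon would call this once at startup, before opening any files writable by the unprivileged user, and exit non-zero on `PrivilegeDropError`.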
Updated by Tim Serong over 3 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 48713
Updated by Tim Serong over 3 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Upkeep Bot over 3 years ago
- Copied to Backport #57996: pacific: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added
Updated by Upkeep Bot over 3 years ago
- Copied to Backport #57997: quincy: ceph-crash service should run as unprivileged user, not root (CVE-2022-3650) added
Updated by Konstantin Shalygin over 2 years ago
- Status changed from Pending Backport to Resolved
Updated by Upkeep Bot 8 months ago
- Merge Commit set to 2b62b893b2a5e7b434dc70acc106b4ba18b554cf
- Fixed In set to v18.0.0-778-g2b62b893b2a
- Released In set to v18.2.0~1066
- Upkeep Timestamp set to 2025-07-12T22:08:57+00:00