1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
Description: CVE-2022-3650: ceph-crash: drop privleges to run as "ceph" user, rather than root
If privileges cannot be dropped, log an error and exit. This commit
also catches and logs exceptions when scraping the crash path, without
which ceph-crash would just exit if it encountered an error.
Author: Tim Serong <tserong@suse.com>
Date: Wed, 2 Nov 2022 14:27:47 +1100
Bug: https://tracker.ceph.com/issues/57967
Signed-off-by: Tim Serong <tserong@suse.com>
Origin: upstream, https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382
Bug-Debian: https://bugs.debian.org/1024932
Last-Update: 2022-11-28
Index: ceph/src/ceph-crash.in
===================================================================
--- ceph.orig/src/ceph-crash.in
+++ ceph/src/ceph-crash.in
@@ -3,8 +3,10 @@
# vim: ts=4 sw=4 smarttab expandtab
import argparse
+import grp
import logging
import os
+import pwd
import signal
import socket
import subprocess
@@ -83,8 +85,25 @@ def handler(signum):
print('*** Interrupted with signal %d ***' % signum)
sys.exit(0)
+def drop_privs():
+ if os.getuid() == 0:
+ try:
+ ceph_uid = pwd.getpwnam("ceph").pw_uid
+ ceph_gid = grp.getgrnam("ceph").gr_gid
+ os.setgroups([])
+ os.setgid(ceph_gid)
+ os.setuid(ceph_uid)
+ except Exception as e:
+ log.error(f"Unable to drop privileges: {e}")
+ sys.exit(1)
+
+
def main():
global auth_names
+
+ # run as unprivileged ceph user
+ drop_privs()
+
# exit code 0 on SIGINT, SIGTERM
signal.signal(signal.SIGINT, handler)
signal.signal(signal.SIGTERM, handler)
@@ -103,7 +122,10 @@ def main():
log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
while True:
- scrape_path(args.path)
+ try:
+ scrape_path(args.path)
+ except Exception as e:
+ log.error(f"Error scraping {args.path}: {e}")
if args.delay == 0:
sys.exit(0)
time.sleep(args.delay * 60)
|