oss-sec mailing list archives

CVE Request for ceph-deploy copying keyring to /etc/ceph which is world readable


From: Siddharth Sharma <sisharma () redhat com>
Date: Fri, 22 May 2015 00:36:36 +0530

Hi,

The "ceph-deploy admin" command pushes the client.admin key with world-readable
permissions, as in /etc/ceph/ceph.client.admin.keyring. It is an issue similar
to CVE-2015-3010, but this seems worse, as it is copying to /etc/ceph,
which is readable by any user.

~]# ls -Z /etc/ | grep ceph
drwxr-xr-x. root root system_u:object_r:etc_t:s0 ceph

For further information: http://tracker.ceph.com/issues/11694


-- 
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A      
Fingerprint :  0x6F04C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
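
An added example, not part of the original message or of ceph-deploy: a shell check for the exposure described above. It reports keyrings that have the other-read bit set inside a directory other users can traverse; the function names and the 0600 remediation mode are assumptions, and parent directories such as /etc are assumed traversable.

```shell
#!/bin/sh
# Added example: list Ceph keyrings that any local user can read.
# A keyring is reported only when BOTH hold:
#   - the file has the "other read" bit (o+r), and
#   - its directory has the "other search" bit (o+x), as /etc/ceph does
#     in the listing above (drwxr-xr-x).

# world_readable_keyrings DIR
#   Prints one exposed keyring path per line; prints nothing when DIR is
#   missing or is not traversable by other users.
world_readable_keyrings() {
    dir=${1:-/etc/ceph}
    [ -d "$dir" ] || return 0
    # Without o+x on the directory, other users cannot reach files in it.
    if [ -z "$(find "$dir" -maxdepth 0 -perm -001)" ]; then
        return 0
    fi
    find "$dir" -maxdepth 1 -type f -name '*.keyring' -perm -004 | sort
}

# restrict_keyrings DIR
#   Sets mode 0600 on every keyring reported above.
#   Assumption: owner-only access is the intended policy on this host.
restrict_keyrings() {
    world_readable_keyrings "${1:-/etc/ceph}" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Stand-alone use: audit the directory given as $1 (default /etc/ceph).
world_readable_keyrings "${1:-/etc/ceph}"
```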
