From: Tim Serong Date: Wed, 2 Nov 2022 03:27:47 +0000 (+1100) Subject: ceph-crash: drop privleges to run as "ceph" user, rather than root X-Git-Tag: v16.2.13~182^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d2a9a539d72e01750dcc245a11962fe574777cc0;p=ceph.git ceph-crash: drop privleges to run as "ceph" user, rather than root If privileges cannot be dropped, log an error and exit. This commit also catches and logs exceptions when scraping the crash path, without which ceph-crash would just exit if it encountered an error. Fixes: CVE-2022-3650 Fixes: https://tracker.ceph.com/issues/57967 Signed-off-by: Tim Serong (cherry picked from commit 130c9626598bc3a75942161e6cce7c664c447382) --- diff --git a/src/ceph-crash.in b/src/ceph-crash.in index 453efb7aa10..d5c7260614e 100755 --- a/src/ceph-crash.in +++ b/src/ceph-crash.in @@ -3,8 +3,10 @@ # vim: ts=4 sw=4 smarttab expandtab import argparse +import grp import logging import os +import pwd import signal import socket import subprocess @@ -88,8 +90,25 @@ def handler(signum, frame): sys.exit(0) +def drop_privs(): + if os.getuid() == 0: + try: + ceph_uid = pwd.getpwnam("ceph").pw_uid + ceph_gid = grp.getgrnam("ceph").gr_gid + os.setgroups([]) + os.setgid(ceph_gid) + os.setuid(ceph_uid) + except Exception as e: + log.error(f"Unable to drop privileges: {e}") + sys.exit(1) + + def main(): global auth_names + + # run as unprivileged ceph user + drop_privs() + # exit code 0 on SIGINT, SIGTERM signal.signal(signal.SIGINT, handler) signal.signal(signal.SIGTERM, handler) @@ -108,7 +127,10 @@ def main(): log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0)) while True: - scrape_path(args.path) + try: + scrape_path(args.path) + except Exception as e: + log.error(f"Error scraping {args.path}: {e}") if args.delay == 0: sys.exit(0) time.sleep(args.delay * 60)