ceph/0010-fix-CVE-2022-3650.patch

From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001
From: wangzengliang1 <wangzengliang1@huawei.com>
Date: Mon, 5 Dec 2022 15:10:45 +0800
Subject: [PATCH] fix

---
 src/ceph-crash.in | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/ceph-crash.in b/src/ceph-crash.in
index c549dc1..ad5823e 100644
--- a/src/ceph-crash.in
+++ b/src/ceph-crash.in
@@ -3,8 +3,10 @@
 # vim: ts=4 sw=4 smarttab expandtab
 
 import argparse
+import grp
 import logging
 import os
+import pwd
 import signal
 import socket
 import subprocess
@@ -45,7 +47,8 @@ def post_crash(path):
             stderr=subprocess.PIPE,
         )
         f = open(os.path.join(path, 'meta'), 'rb')
-        stdout, stderr = pr.communicate(input=f.read())
+        (_, stderr) = pr.communicate(input=f.read())
+        stderr = stderr.decode()
         rc = pr.wait()
         f.close()
         if rc != 0:
@@ -80,7 +83,25 @@ def handler(signum, frame):
     print('*** Interrupted with signal %d ***' % signum)
     sys.exit(0)
 
+def drop_privs():
+    if os.getuid() == 0:
+        try:
+            ceph_uid = pwd.getpwnam("ceph").pw_uid
+            ceph_gid = grp.getgrnam("ceph").gr_gid
+            os.setgroups([])
+            os.setgid(ceph_gid)
+            os.setuid(ceph_uid)
+        except Exception as e:
+            log.error(f"Unable to drop privileges: {e}")
+            sys.exit(1)
+
+
 def main():
+
+
+    # run as unprivileged ceph user
+    drop_privs()
+
     # exit code 0 on SIGINT, SIGTERM
     signal.signal(signal.SIGINT, handler)
     signal.signal(signal.SIGTERM, handler)
@@ -96,7 +117,10 @@ def main():
 
     log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
     while True:
-        scrape_path(args.path)
+        try:
+            scrape_path(args.path)
+        except Exception as e:
+            log.error(f"Error scraping {args.path}: {e}")
         if args.delay == 0:
             sys.exit(0)
         time.sleep(args.delay * 60)
-- 
2.13.0.windows.1
fix CVE-2022-3650 2022-12-05 15:36:14 +08:00			`From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001`
			`From: wangzengliang1 <wangzengliang1@huawei.com>`
			`Date: Mon, 5 Dec 2022 15:10:45 +0800`
			`Subject: [PATCH] fix`

			`---`
			`src/ceph-crash.in \| 28 ++++++++++++++++++++++++++--`
			`1 file changed, 26 insertions(+), 2 deletions(-)`

			`diff --git a/src/ceph-crash.in b/src/ceph-crash.in`
			`index c549dc1..ad5823e 100644`
			`--- a/src/ceph-crash.in`
			`+++ b/src/ceph-crash.in`
			`@@ -3,8 +3,10 @@`
			`# vim: ts=4 sw=4 smarttab expandtab`

			`import argparse`
			`+import grp`
			`import logging`
			`import os`
			`+import pwd`
			`import signal`
			`import socket`
			`import subprocess`
			`@@ -45,7 +47,8 @@ def post_crash(path):`
			`stderr=subprocess.PIPE,`
			`)`
			`f = open(os.path.join(path, 'meta'), 'rb')`
			`- stdout, stderr = pr.communicate(input=f.read())`
			`+ (_, stderr) = pr.communicate(input=f.read())`
			`+ stderr = stderr.decode()`
			`rc = pr.wait()`
			`f.close()`
			`if rc != 0:`
			`@@ -80,7 +83,25 @@ def handler(signum, frame):`
			`print('* Interrupted with signal %d *' % signum)`
			`sys.exit(0)`

			`+def drop_privs():`
			`+ if os.getuid() == 0:`
			`+ try:`
			`+ ceph_uid = pwd.getpwnam("ceph").pw_uid`
			`+ ceph_gid = grp.getgrnam("ceph").gr_gid`
			`+ os.setgroups([])`
			`+ os.setgid(ceph_gid)`
			`+ os.setuid(ceph_uid)`
			`+ except Exception as e:`
			`+ log.error(f"Unable to drop privileges: {e}")`
			`+ sys.exit(1)`
			`+`
			`+`
			`def main():`
			`+`
			`+`
			`+ # run as unprivileged ceph user`
			`+ drop_privs()`
			`+`
			`# exit code 0 on SIGINT, SIGTERM`
			`signal.signal(signal.SIGINT, handler)`
			`signal.signal(signal.SIGTERM, handler)`
			`@@ -96,7 +117,10 @@ def main():`

			`log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))`
			`while True:`
			`- scrape_path(args.path)`
			`+ try:`
			`+ scrape_path(args.path)`
			`+ except Exception as e:`
			`+ log.error(f"Error scraping {args.path}: {e}")`
			`if args.delay == 0:`
			`sys.exit(0)`
			`time.sleep(args.delay * 60)`
			`--`
			`2.13.0.windows.1`