packages/ceph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update 0010-fix-CVE-2022-3650.patch.

Browse Source 
Signed-off-by: wangzengliang <wangzengliang2@huawei.com>
This commit is contained in:
wangzengliang 2022-12-06 04:04:03 +00:00 committed by Gitee
parent 6a15e33bc4
commit 67b668d6a1
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
0010-fix-CVE-2022-3650.patch
View File

@ -2,7 +2,14 @@ From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001
From: wangzengliang1 <wangzengliang1@huawei.com>
Date: Mon, 5 Dec 2022 15:10:45 +0800
Subject: [PATCH] fix
ceph-crash: drop privleges to run as "ceph" user, rather than root
If privileges cannot be dropped, log an error and exit. This commit
also catches and logs exceptions when scraping the crash path, without
which ceph-crash would just exit if it encountered an error.
Fixes: CVE-2022-3650
Fixes: https://tracker.ceph.com/issues/57967
Signed-off-by: Tim Serong <tserong@suse.com>
---
src/ceph-crash.in | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)