fix CVE-2022-3650

2022-12-05 15:36:14 +08:00 · 2022-12-05 15:36:14 +08:00 · 6a15e33bc4
commit 6a15e33bc4
parent ef7e94a7f2
2 changed files with 80 additions and 1 deletions
--- a/0010-fix-CVE-2022-3650.patch
+++ b/0010-fix-CVE-2022-3650.patch
@ -0,0 +1,75 @@
+From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001
+From: wangzengliang1 <wangzengliang1@huawei.com>
+Date: Mon, 5 Dec 2022 15:10:45 +0800
+Subject: [PATCH] fix
+
+---
+ src/ceph-crash.in | 28 ++++++++++++++++++++++++++--
+ 1 file changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/src/ceph-crash.in b/src/ceph-crash.in
+index c549dc1..ad5823e 100644
+--- a/src/ceph-crash.in
+++ b/src/ceph-crash.in
+@@ -3,8 +3,10 @@
+ # vim: ts=4 sw=4 smarttab expandtab
+ 
+ import argparse
+import grp
+ import logging
+ import os
+import pwd
+ import signal
+ import socket
+ import subprocess
+@@ -45,7 +47,8 @@ def post_crash(path):
+             stderr=subprocess.PIPE,
+         )
+         f = open(os.path.join(path, 'meta'), 'rb')
+-        stdout, stderr = pr.communicate(input=f.read())
+        (_, stderr) = pr.communicate(input=f.read())
+        stderr = stderr.decode()
+         rc = pr.wait()
+         f.close()
+         if rc != 0:
+@@ -80,7 +83,25 @@ def handler(signum, frame):
+     print('*** Interrupted with signal %d ***' % signum)
+     sys.exit(0)
+ 
+def drop_privs():
+    if os.getuid() == 0:
+        try:
+            ceph_uid = pwd.getpwnam("ceph").pw_uid
+            ceph_gid = grp.getgrnam("ceph").gr_gid
+            os.setgroups([])
+            os.setgid(ceph_gid)
+            os.setuid(ceph_uid)
+        except Exception as e:
+            log.error(f"Unable to drop privileges: {e}")
+            sys.exit(1)
+
+
+ def main():
+
+
+    # run as unprivileged ceph user
+    drop_privs()
+
+     # exit code 0 on SIGINT, SIGTERM
+     signal.signal(signal.SIGINT, handler)
+     signal.signal(signal.SIGTERM, handler)
+@@ -96,7 +117,10 @@ def main():
+ 
+     log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
+     while True:
+-        scrape_path(args.path)
+        try:
+            scrape_path(args.path)
+        except Exception as e:
+            log.error(f"Error scraping {args.path}: {e}")
+         if args.delay == 0:
+             sys.exit(0)
+         time.sleep(args.delay * 60)
+-- 
+2.13.0.windows.1
+
--- a/ceph.spec
+++ b/ceph.spec
@ -125,7 +125,7 @@
 #################################################################################
 Name:		ceph
 Version:	16.2.7
-Release:	10
+Release:	11
 %if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler}
 Epoch:		2
 %endif
@ -152,6 +152,7 @@ Patch6: 0006-ceph-volume-decrease-number-of-pvs-calls-in-lvm-list.patch
 Patch7: 0007-bluestore-use-direct-write-for-bdevlabel.patch
 Patch8: 0008-enable-sw64-architecture.patch
 Patch9: 0009-fix-CVE-2022-0670.patch
+Patch10: 0010-fix-CVE-2022-3650.patch
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@ -2492,6 +2493,9 @@ exit 0
 %config %{_sysconfdir}/prometheus/ceph/ceph_default_alerts.yml

 %changelog
+* Mon Dec 5 2022 wangzengliang <wangzengliang2@huawei.com> - 2:16.2.7-11
+- fix CVE-2022-3650
+
 * Tue Nov 15 2022 wangzengliang <wangzengliang1@huawei.com> - 2:16.2.7-10
 - keep the ceph.spec align with native community