From f4035e49ee4745cd384d48a2334be793ce8df461 Mon Sep 17 00:00:00 2001
From: wangzengliang1 <wangzengliang1@huawei.com>
Date: Mon, 5 Dec 2022 15:10:45 +0800
Subject: [PATCH] fix
ceph-crash: drop privleges to run as "ceph" user, rather than root
If privileges cannot be dropped, log an error and exit.  This commit
also catches and logs exceptions when scraping the crash path, without
which ceph-crash would just exit if it encountered an error.

Fixes: CVE-2022-3650
Fixes: https://tracker.ceph.com/issues/57967
Signed-off-by: Tim Serong <tserong@suse.com>
---
 src/ceph-crash.in | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/ceph-crash.in b/src/ceph-crash.in
index c549dc1..ad5823e 100644
--- a/src/ceph-crash.in
+++ b/src/ceph-crash.in
@@ -3,8 +3,10 @@
 # vim: ts=4 sw=4 smarttab expandtab
 
 import argparse
+import grp
 import logging
 import os
+import pwd
 import signal
 import socket
 import subprocess
@@ -45,7 +47,8 @@ def post_crash(path):
             stderr=subprocess.PIPE,
         )
         f = open(os.path.join(path, 'meta'), 'rb')
-        stdout, stderr = pr.communicate(input=f.read())
+        (_, stderr) = pr.communicate(input=f.read())
+        stderr = stderr.decode()
         rc = pr.wait()
         f.close()
         if rc != 0:
@@ -80,7 +83,25 @@ def handler(signum, frame):
     print('*** Interrupted with signal %d ***' % signum)
     sys.exit(0)
 
+def drop_privs():
+    if os.getuid() == 0:
+        try:
+            ceph_uid = pwd.getpwnam("ceph").pw_uid
+            ceph_gid = grp.getgrnam("ceph").gr_gid
+            os.setgroups([])
+            os.setgid(ceph_gid)
+            os.setuid(ceph_uid)
+        except Exception as e:
+            log.error(f"Unable to drop privileges: {e}")
+            sys.exit(1)
+
+
 def main():
+
+
+    # run as unprivileged ceph user
+    drop_privs()
+
     # exit code 0 on SIGINT, SIGTERM
     signal.signal(signal.SIGINT, handler)
     signal.signal(signal.SIGTERM, handler)
@@ -96,7 +117,10 @@ def main():
 
     log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
     while True:
-        scrape_path(args.path)
+        try:
+            scrape_path(args.path)
+        except Exception as e:
+            log.error(f"Error scraping {args.path}: {e}")
         if args.delay == 0:
             sys.exit(0)
         time.sleep(args.delay * 60)
-- 
2.13.0.windows.1