From: Tim Serong Date: Wed, 2 Nov 2022 03:27:47 +0000 (+1100) Subject: CVE-2022-3650: ceph-crash: drop privleges to run as "ceph" user, rather than root X-Git-Tag: archive/raspbian/16.2.11+ds-1+rpi1^2~3 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=70df4ad6e2f4f1b6f4a7f725f40c97736c79dc8b;p=ceph.git CVE-2022-3650: ceph-crash: drop privleges to run as "ceph" user, rather than root Bug: https://tracker.ceph.com/issues/57967 Signed-off-by: Tim Serong Origin: upstream, https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382 Bug-Debian: https://bugs.debian.org/1024932 Last-Update: 2022-11-28 If privileges cannot be dropped, log an error and exit. This commit also catches and logs exceptions when scraping the crash path, without which ceph-crash would just exit if it encountered an error. Gbp-Pq: Name CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch
---
diff --git a/src/ceph-crash.in b/src/ceph-crash.in
index ae0e4f516..18d3191d7 100755
--- a/src/ceph-crash.in
+++ b/src/ceph-crash.in
@@ -3,8 +3,10 @@
 # vim: ts=4 sw=4 smarttab expandtab
 import argparse
+import grp
 import logging
 import os
+import pwd
 import signal
 import socket
 import subprocess
@@ -83,8 +85,25 @@ def handler(signum):
     print('*** Interrupted with signal %d ***' % signum)
     sys.exit(0)
+def drop_privs():
+    if os.getuid() == 0:
+        try:
+            ceph_uid = pwd.getpwnam("ceph").pw_uid
+            ceph_gid = grp.getgrnam("ceph").gr_gid
+            os.setgroups([])
+            os.setgid(ceph_gid)
+            os.setuid(ceph_uid)
+        except Exception as e:
+            log.error(f"Unable to drop privileges: {e}")
+            sys.exit(1)
+
+
 def main():
     global auth_names
+
+    # run as unprivileged ceph user
+    drop_privs()
+
     # exit code 0 on SIGINT, SIGTERM
     signal.signal(signal.SIGINT, handler)
     signal.signal(signal.SIGTERM, handler)
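Review bot: `drop_privs()` never verifies that the switch to the ceph user actually took effect, and it keys the decision on the real uid (`os.getuid()`), so a process started with euid 0 but a non-zero real uid would skip the drop entirely. Testing the effective id and checking the result after `os.setuid(ceph_uid)` is cheap defence in depth: `if os.geteuid() == 0:` for the guard, and after the setuid `if os.getuid() == 0 or os.geteuid() == 0: raise RuntimeError("still running as root after setuid")`, which the existing `except Exception` turns into the logged error and `sys.exit(1)`. The setgroups → setgid → setuid order is correct and failing closed on any exception is the right call; a docstring should say so — something like "Irrevocably switch from root to the ceph user/group (no-op when not root); log and exit with status 1 if the lookup or id change fails." Note that `main()` continues past the hunk, so anything it opens later runs with the reduced privileges, and `handler` starts outside the hunk.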
@@ -103,7 +122,10 @@ def main():
     log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0))
     while True:
-        scrape_path(args.path)
+        try:
+            scrape_path(args.path)
+        except Exception as e:
+            log.error(f"Error scraping {args.path}: {e}")
         if args.delay == 0:
             sys.exit(0)
         time.sleep(args.delay * 60)
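Review bot: In one-shot mode (`args.delay == 0`) the new `except Exception` branch logs the scrape failure and then falls through to `sys.exit(0)`, so a cron- or systemd-driven run that hit an error reports success; a per-iteration flag feeding the exit status fixes that. `log.error(f"... {e}")` also discards the traceback, which matters now that the likely failure after this commit's privilege drop may well be a PermissionError on a crash directory still owned by root — `log.exception("Error scraping %s", args.path)` keeps the stack and uses lazy %-formatting. In loop mode the same error will be logged every `args.delay` minutes, which appears to be the intended best-effort behaviour but deserves a comment. `main()` begins outside the hunk.
```python
    while True:
        ok = True
        try:
            scrape_path(args.path)
        except Exception:
            ok = False
            log.exception("Error scraping %s", args.path)
        if args.delay == 0:
            # one-shot mode: report failure to the caller instead of always 0
            sys.exit(0 if ok else 1)
        # … unchanged: time.sleep(args.delay * 60) …
```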