Bug 2252792

Summary: rgw: object lock: governance mode override can be bypassed for multipart upload objects
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Matt Benjamin (redhat) <mbenjamin>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED ERRATA QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0CC: ceph-eng-bugs, cephqe-warriors, dwalveka, tserlin
Target Milestone: ---   
Target Release: 6.1z3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-17.2.6-167.el9cp Doc Type: Bug Fix
Doc Text:
Cause: Requested object-lock governance information provided with new multipart uploads was not persisted with the uploaded part information, permitting the governance to be bypassed after the upload completed. Consequence: A violation of data retention policy was possible, for multipart uploaded objects. Fix: Object lock parameters are persisted with part upload information and checked at completion, such that there is no window to bypass governance. Result:
 Story Points: ---
Clone Of:
: 2253258 (view as bug list) Environment:
Last Closed: 2023-12-12 13:56:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2253258    

Description Matt Benjamin (redhat) 2023-12-04 17:46:03 UTC 
Description of problem:

As in tracker.

"The result of the script is as follows. Even if object locks are set on the bucket, objects uploaded through multipart upload can still be deleted"
Comment 1 RHEL Program Management 2023-12-04 17:46:11 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 7 errata-xmlrpc 2023-12-12 13:56:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:7740