Bug 1214051 - rgw: bucket/object owner override when setting acls
Summary: rgw: bucket/object owner override when setting acls
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 1.2.3
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: 1.2.4
Assignee: Yehuda Sadeh
QA Contact: Warren
URL:
Whiteboard:
Duplicates: 1197243
Depends On:
Blocks:
Reported: 2015-04-21 20:40 UTC by Yehuda Sadeh
Modified: 2022-02-21 18:29 UTC (History)

Fixed In Version: ceph-0.80.8-9.el6cp ceph-0.80.8-9.el7cp
Doc Type: Bug Fix
Doc Text:
Modifying a user's Access Control List (ACL) permissions for an object in the RADOS gateway (RGW) inappropriately caused the user to become the owner of the object. The underlying code has been fixed, and this problem no longer occurs.
Clone Of:
Environment:
Last Closed: 2015-09-02 14:07:38 UTC
Embargoed:




Links:
Ceph Project Bug Tracker 10978
Red Hat Issue Tracker RHCEPH-3441 (last updated 2022-02-21 18:29:46 UTC)
Red Hat Product Errata RHBA-2015:1703, priority normal, status SHIPPED_LIVE: "ceph-radosgw and librbd package bug-fix update" (last updated 2015-09-02 18:07:13 UTC)

Description Yehuda Sadeh 2015-04-21 20:40:36 UTC
Description of problem:

rgw: bucket/object owner override when setting acls


How reproducible:

always

Steps to Reproduce:
1. Give write_acl permissions to a user that doesn't own the object/bucket
2. The user sets an attribute on the object/bucket

Actual results:

User becomes the owner of the object/bucket


Expected results:

User should not become owner of the object/bucket

Additional info:

Fixed upstream
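A small model of the steps above, added here as an illustration and not code from Ceph RGW: a grantee holding only WRITE_ACP submits a PutObjectAcl body that names itself as Owner, and the two handlers differ only in whether ownership is taken from that body or preserved from the stored policy. The names alice and bob, the policy dict and the XML body are constructed samples.

```python
import xml.etree.ElementTree as ET

S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"

# Constructed sample: alice owns the object; bob was granted only WRITE_ACP (step 1).
EXISTING_POLICY = {"owner": "alice",
                   "grants": {"alice": {"FULL_CONTROL"}, "bob": {"WRITE_ACP"}}}

# Constructed sample: the ACL body bob submits (step 2). Clients that build the
# XML from scratch commonly fill Owner with their own identity.
BOB_REQUEST_XML = f"""<AccessControlPolicy xmlns="{S3_NS}">
  <Owner><ID>bob</ID></Owner>
  <AccessControlList>
    <Grant><Grantee><ID>bob</ID></Grantee><Permission>FULL_CONTROL</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""


def parse_acl(xml_text):
    """Return (owner_id, {grantee_id: {permission, ...}}) from an S3 AccessControlPolicy."""
    root = ET.fromstring(xml_text)
    ns = {"s3": S3_NS}
    owner = root.findtext("s3:Owner/s3:ID", namespaces=ns)
    grants = {}
    for grant in root.findall("s3:AccessControlList/s3:Grant", ns):
        grantee = grant.findtext("s3:Grantee/s3:ID", namespaces=ns)
        grants.setdefault(grantee, set()).add(grant.findtext("s3:Permission", namespaces=ns))
    return owner, grants


def can_write_acl(policy, requester):
    """The owner, or anyone holding WRITE_ACP / FULL_CONTROL, may replace the ACL."""
    perms = policy["grants"].get(requester, set())
    return requester == policy["owner"] or bool(perms & {"WRITE_ACP", "FULL_CONTROL"})


def put_acl_vulnerable(policy, requester, xml_text):
    """The behaviour this report describes: the stored owner is copied from the request."""
    if not can_write_acl(policy, requester):
        raise PermissionError(requester)
    owner, grants = parse_acl(xml_text)
    return {"owner": owner, "grants": grants}


def put_acl_fixed(policy, requester, xml_text):
    """Hardened: grants are replaced, but an ACL write never changes ownership.
    (A stricter variant would reject a request whose Owner differs from the stored one.)"""
    if not can_write_acl(policy, requester):
        raise PermissionError(requester)
    _, grants = parse_acl(xml_text)
    return {"owner": policy["owner"], "grants": grants}
```

An operator verifying the fix on a live gateway performs the same two steps with real credentials and checks that GetObjectAcl afterwards still reports the original owner.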

Comment 1 Ken Dreyer (Red Hat) 2015-04-22 23:08:54 UTC
The upstream bug says "backport: hammer". Was this fixed in the 0.94.1 release, or after?

Comment 2 Ken Dreyer (Red Hat) 2015-04-22 23:11:27 UTC
"git describe a8ced2c6ce8959500e13fed7cc3d6d01d23f1fef" shows that this landed on the hammer branch prior to the v0.94 release. So I think we're good for RHCS 1.3.0.

Comment 3 Ian Colle 2015-04-23 02:39:33 UTC
We're fine for 1.3.0, but does product want this also out in a patch to 1.2.z?

Comment 4 Neil Levine 2015-04-23 05:01:45 UTC
If I understand the bug, sounds like a pretty big security hole so a patch to 1.2.z sounds prudent.

Comment 6 Yehuda Sadeh 2015-04-23 23:40:29 UTC
waiting for qa_ack on this one

Comment 7 Yehuda Sadeh 2015-04-23 23:44:00 UTC
ok, clearing needinfo

Comment 15 Yehuda Sadeh 2015-06-22 21:15:56 UTC
*** Bug 1197243 has been marked as a duplicate of this bug. ***

Comment 16 Warren 2015-08-26 05:10:15 UTC
Works on 1.2.3.2 ISOs for trusty and precise.

Comment 17 Warren 2015-09-01 02:17:44 UTC
On CentOS 6.7 this failed due to a Python suite failing. This may not be a 1214051 bug, but this script did pass smoothly on Ubuntu and RHEL. I am continuing to look into this.

Comment 19 errata-xmlrpc 2015-09-02 14:07:38 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1703.html

Comment 20 Tamil 2015-09-03 00:11:33 UTC
for the record, this test passed on centos 6.7

