Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Ceph filesystem implementation of the Linux kernel allows for improper user authentication management across multiple filesystems within a single cluster. This issue arises because the metadata server (MDS) authorization capabilities do not correctly validate the filesystem name, leading to a crossover of permissions between filesystems. As a result, a user may inadvertently gain unauthorized access or rights on a filesystem where they should have none.
This vulnerability can lead to unauthorized read and write access on filesystems, allowing users to manipulate files contrary to their assigned permissions.
To reproduce this vulnerability, create a cluster with two filesystems, 'fsname1' and 'fsname2'. Authorize read-only access for the user 'client.usr' on 'fsname1' and read-write access on 'fsname2'. After updating the keyring, mount 'fsname1' using 'client.usr'. Despite the read-only authorization, 'client.usr' will be able to write to 'fsname1', demonstrating the vulnerability. This can be verified by attempting to create or delete files on the mounted filesystem: these operations should fail under normal circumstances but succeed due to the bug.
Users can manually validate and adjust the MDS authorization capabilities to ensure proper filesystem name checks are in place, preventing unauthorized access. Additionally, updating to the latest patched version of the Linux kernel is recommended.
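One way to carry out the manual validation described above is to audit keyrings for entities whose MDS grants differ between filesystems, since those are the keys for which a crossover changes effective rights. This is an added example, not code from the advisory or from the Ceph project; it assumes the keyring text format printed by `ceph auth get`, handles only a simplified form of the MDS cap grammar, and the function names and the sample keyring are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the keyring format printed by `ceph auth get`,
# modelled on the reproduction above (client.usr, fsname1, fsname2).
SAMPLE_KEYRING = '''
[client.usr]
    key = <placeholder>
    caps mds = "allow r fsname=fsname1, allow rw fsname=fsname2"
    caps mon = "allow r fsname=fsname1, allow r fsname=fsname2"
[client.ro]
    key = <placeholder>
    caps mds = "allow r fsname=fsname1"
[client.same]
    key = <placeholder>
    caps mds = "allow rw fsname=fsname1, allow rw fsname=fsname2"
'''

def parse_mds_caps(keyring_text):
    """Return {entity: {fsname: set of access specs}}; '*' marks a grant with no fsname."""
    caps = defaultdict(lambda: defaultdict(set))
    entity = None
    for line in keyring_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            entity = header.group(1)
            continue
        m = re.fullmatch(r'caps mds = "(.*)"', line)
        if not (m and entity):
            continue
        for grant in m.group(1).split(","):
            tokens = grant.split()
            if len(tokens) < 2 or tokens[0] != "allow":
                continue  # simplified grammar: only "allow <spec> [k=v ...]" is handled
            fsname = next((t.split("=", 1)[1] for t in tokens[2:]
                           if t.startswith("fsname=")), "*")
            caps[entity][fsname].add(tokens[1])
    return caps

def entities_at_risk(keyring_text):
    """Entities whose MDS grants are not identical across filesystems."""
    flagged = {}
    for entity, per_fs in parse_mds_caps(keyring_text).items():
        if len({frozenset(s) for s in per_fs.values()}) > 1:
            flagged[entity] = {fs: sorted(s) for fs, s in per_fs.items()}
    return flagged

if __name__ == "__main__":
    for entity, grants in entities_at_risk(SAMPLE_KEYRING).items():
        print(entity, grants)
```

Entities it reports are candidates for splitting into one key per filesystem until the patched kernel is deployed on the clients that mount them.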