Actions
Bug #69972
openprevent data sync from replicating to buckets not owned by the user
% Done:
0%
Source:
Backport:
squid
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Tags (freeform):
backport_processed
Merge Commit:
Fixed In:
v20.0.0-289-gc8c15bd4fd
Released In:
v20.2.0~881
Upkeep Timestamp:
2025-11-01T01:00:32+00:00
Description
Issue https://tracker.ceph.com/issues/68884 revealed that because user_acl is initialized by default in RGWUserPermHandler::Init with the same identity, calling verify_bucket_permission_no_policy() would mistakenly allow the request since the user ACL matches the identity. Removing the default creation of user_acl would align the behavior with other S3 operations to prevent unauthorized data replication.
Updated by Casey Bodley 12 months ago
- Status changed from New to Fix Under Review
Updated by Casey Bodley 12 months ago
- Status changed from Fix Under Review to Pending Backport
Updated by Upkeep Bot 12 months ago
- Copied to Backport #70408: squid: prevent data sync from replicating to buckets not owned by the user added
Updated by Upkeep Bot 8 months ago
- Merge Commit set to c8c15bd4fdc4d824371fcf6fd77904bd67d40086
- Fixed In set to v20.0.0-289-gc8c15bd4fdc
- Upkeep Timestamp set to 2025-07-08T18:07:29+00:00
Updated by Upkeep Bot 8 months ago
- Fixed In changed from v20.0.0-289-gc8c15bd4fdc to v20.0.0-289-gc8c15bd4fdc4
- Upkeep Timestamp changed from 2025-07-08T18:07:29+00:00 to 2025-07-14T15:21:57+00:00
Updated by Upkeep Bot 8 months ago
- Fixed In changed from v20.0.0-289-gc8c15bd4fdc4 to v20.0.0-289-gc8c15bd4fd
- Upkeep Timestamp changed from 2025-07-14T15:21:57+00:00 to 2025-07-14T20:46:26+00:00
Updated by Upkeep Bot 4 months ago
- Released In set to v20.2.0~881
- Upkeep Timestamp changed from 2025-07-14T20:46:26+00:00 to 2025-11-01T01:00:32+00:00
Actions