19 Nov
2024
19 Nov
'24
3:13 p.m.
On Tue, Nov 19, 2024 at 9:54 AM Max Kellermann max.kellermann@ionos.com wrote:
On Tue, Nov 19, 2024 at 2:58 PM Patrick Donnelly pdonnell@redhat.com wrote:
The protocol does **not** require building the full path for most operations unless it involves a snapshot.
We don't use Ceph snapshots, but before today's emergency update, we could shoot down an arbitrary server with a single (unprivileged) system call using this vulnerability.
I'm not sure what your point is, but this vulnerability exists, it works without snapshots and we think it's serious.
I'm not suggesting there isn't a bug. I'm correcting a misunderstanding.
--
Patrick Donnelly, Ph.D.
He / Him / His
Red Hat Partner Engineer
IBM, Inc.
GPG: 19F28A586F808C2402351B93C3301A3E258DD79D