Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-6415] Deny non-root users for 'lfs changelog & changelog_clear' https://jira.whamcloud.com/browse/LU-6415 Lustre <p>Non-root users have the ability to read changelog entries (which contain filenames and FIDs). More importantly, non-root users have the ability to clear changelogs regardless of permissions on the mountpoint.</p> <p>This has potential security implications, in that non-privileged users gain the ability to see information in directories to which they shouldn't have access, and there is also potential for deliberate or accidental DOS by clearing changelogs before the intended reader gets to them (e.g. Robinhood, etc.)</p> LU-6415 Deny non-root users for 'lfs changelog & changelog_clear' Bug Critical Resolved Fixed Niu Yawei Niu Yawei Tue, 31 Mar 2015 13:16:13 +0000 Thu, 14 Jun 2018 21:41:37 +0000 Wed, 8 Jul 2015 18:02:19 +0000 Lustre 2.8.0 0 6 <p>Niu Yawei (yawei.niu@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/14280" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/14280</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-6415" title="Deny non-root users for &#39;lfs changelog &amp; changelog_clear&#39;" class="issue-link" data-issue-key="LU-6415"><del>LU-6415</del></a> utils: deny non-root user for changelog operations<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 8c7bf7b5b4b81c22e81ba3b2a628c68e7ea74347</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="http://review.whamcloud.com/14280/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/14280/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-6415" title="Deny non-root users for &#39;lfs changelog &amp; changelog_clear&#39;" class="issue-link" data-issue-key="LU-6415"><del>LU-6415</del></a> utils: deny non-root user for changelog operations<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: c12d91242909536de340b4f3363f5b1588f5c013</p> <p>Landed for 2.8</p> Related Development Rank 1|hzx9rz: Rank (Obsolete) 9223372036854775807 Severity