On Fri, Mar 4, 2022 at 2:07 PM Robert Vasek <rvase...@gmail.com> wrote: > > Is there a way for an attacker with sufficient privileges to retrieve the > key by somehow mining it off of the process memory of ceph-fuse which is > now maintaining the volume mount?
Yes, one should assume that if they can gcore dump the ceph-fuse process, they can extract the cephx key. In normal deployment scenarios only a root user should be able to do this, and they would normally have the key anyway. Cheers, Dan _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io