severe security vulnerability in glusterfs with remote-hosts option

Hi all,

I came across this blog entry. It seems that there's an undocumented command line option that allows someone to execute a gluster cli command on a remote host. 

https://joejulian.name/blog/one-more-reason-that-glusterfs-should-not-be-used-as-a-saas-offering/

I am on gluster 3.9 and the option is still supported. I'd really like to understand why this option is still supported and what someone could do to actually mitigate this vulnerability. Is there some configuration option I can set to turn this off, for example?

Thanks,
Joe 
_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://lists.gluster.org/mailman/listinfo/gluster-users
