[Bugs] [Bug 1198746] New: Volume passwords are visible to remote users

bugzilla at redhat.com bugzilla at redhat.com
Wed Mar 4 18:06:04 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1198746

            Bug ID: 1198746
           Summary: Volume passwords are visible to remote users
           Product: GlusterFS
           Version: mainline
         Component: glusterd
          Severity: high
          Assignee: bugs at gluster.org
          Reporter: jdarcy at redhat.com
                CC: bugs at gluster.org, gluster-bugs at redhat.com



GlusterFS supports a concept of a trusted or privileged mount.  Usually, unless
someone has hacked volfiles by hand, users can connect to bricks without any
credentials at all.  However, if they do use a matching username and password
set when the volume is created, they are allowed to bypass the "root squashing"
that is normally done to ensure that uid/gid checks are performed properly. 
This feature is used by some internal daemons.

Unfortunately, this password is both stored and transmitted in plaintext
(unless TLS is explicitly enabled for the control path as well as data).  The
following command run from any host (as root on that host) will suffice to
reveal it.

   gluster --remote-host=a_server system getspec a_volume

Note that this behavior only exists with the "remote-host" option; a local
(UNIX-domain socket) fetch will get the same volfile but without the username
and password.  Fixing __server_getspec (specifically line 766 of
glusterd-handshake.c) to provide the username/password only via the UNIX-domain
socket, and fixing the internal daemons to use that method, would fix the worst
vulnerability.  However, this would still fall short in environments (e.g.
converged storage/compute) where users running on the same machine as glusterd
might still be able to access the UNIX-domain socket.  We should probably
devise more secure mechanism by which to distinguish internal daemons from
"outsiders" and possibly to distinguish password holders from others (without
storing or transmitting that password in plaintext).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list