[Gluster-devel] Attackers hitting vulnerable HDFS installations

Ira Cooper ira at redhat.com
Fri Feb 10 13:30:40 UTC 2017


>From what I know of Gluster, and my experience with Samba.

If they target Gluster, you are going to get pwned.  HARD.

Many, many, many, many times.

Trust me... On the Samba Team, we try to avoid security issues VERY actively, and we still get a few here and there.

You can walk up to a gluster brick today with no auth... and goto town, never mind any of the "standard" attack vectors, like buffer overflows, bad data, etc.

I'd like to believe I'm wrong.  I want to be PROVEN wrong.

But I suspect... You got it right, Gluster isn't big enough to attack today.

... I want to be proven wrong!


----- Original Message -----
> (warning, slightly offensive language)
> https://www.theregister.co.uk/2017/02/09/hadoop_clusters_fked/
> Similar attacks have occurred against MongoDB and ElasticSearch.  How long
> before they target us?  How will we do?
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-devel

More information about the Gluster-devel mailing list