[Gluster-users] severe security vulnerability in glusterfs with remote-hosts option
Joseph Lorenzini
jaloren at gmail.com
Wed May 3 11:54:58 UTC 2017
Hi all,
I came across this blog entry. It seems that there's an undocumented
command line option that allows someone to execute a gluster cli command on
a remote host.
https://joejulian.name/blog/one-more-reason-that-glusterfs-should-not-be-used-as-a-saas-offering/
I am on gluster 3.9 and the option is still supported. I'd really like to
understand why this option is still supported and what someone could do to
actually mitigate this vulnerability. Is there some configuration option I
can set to turn this off, for example?
Thanks,
Joe