aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch
blob: dcbb4350eff0cadca35ae210c9e74fc4487fcd2d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal <moagrawa@redhat.com>
Date: Wed, 20 Jun 2018 16:13:00 +0530
Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host
 command

Problem: In SSL environment the user is able to access volume
         via remote-host command without adding node in a trusted pool

Solution: Change the list of rpc program in glusterd.c at the
          time of initialization while SSL is enabled

BUG: 1593232
Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
fixes: bz#1593232
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>

Upstream-Status: Backport
Fix CVE-2018-10841
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
 xlators/mgmt/glusterd/src/glusterd.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
index ef20689..5e0ed8d 100644
--- a/xlators/mgmt/glusterd/src/glusterd.c
+++ b/xlators/mgmt/glusterd/src/glusterd.c
@@ -1646,11 +1646,6 @@ init (xlator_t *this)
                         goto out;
                 }
                 /*
-                 * With strong authentication, we can afford to allow
-                 * privileged operations over TCP.
-                 */
-                gd_inet_programs[1] = &gd_svc_cli_prog;
-                /*
                  * This is the only place where we want secure_srvr to reflect
                  * the management-plane setting.
                  */
-- 
2.7.4