blob: dcbb4350eff0cadca35ae210c9e74fc4487fcd2d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001
From: Mohit Agrawal <moagrawa@redhat.com>
Date: Wed, 20 Jun 2018 16:13:00 +0530
Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host
command
Problem: In SSL environment the user is able to access volume
via remote-host command without adding node in a trusted pool
Solution: Change the list of rpc program in glusterd.c at the
time of initialization while SSL is enabled
BUG: 1593232
Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
fixes: bz#1593232
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Upstream-Status: Backport
Fix CVE-2018-10841
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
xlators/mgmt/glusterd/src/glusterd.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
index ef20689..5e0ed8d 100644
--- a/xlators/mgmt/glusterd/src/glusterd.c
+++ b/xlators/mgmt/glusterd/src/glusterd.c
@@ -1646,11 +1646,6 @@ init (xlator_t *this)
goto out;
}
/*
- * With strong authentication, we can afford to allow
- * privileged operations over TCP.
- */
- gd_inet_programs[1] = &gd_svc_cli_prog;
- /*
* This is the only place where we want secure_srvr to reflect
* the management-plane setting.
*/
--
2.7.4
|