diff options
Diffstat (limited to 'recipes-extended/glusterfs/files')
-rw-r--r-- | recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch new file mode 100644 index 00000000..dcbb4350 --- /dev/null +++ b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch @@ -0,0 +1,43 @@ +From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001 +From: Mohit Agrawal <moagrawa@redhat.com> +Date: Wed, 20 Jun 2018 16:13:00 +0530 +Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host + command + +Problem: In SSL environment the user is able to access volume + via remote-host command without adding node in a trusted pool + +Solution: Change the list of rpc program in glusterd.c at the + time of initialization while SSL is enabled + +BUG: 1593232 +Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 +fixes: bz#1593232 +Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> + +Upstream-Status: Backport +Fix CVE-2018-10841 +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + xlators/mgmt/glusterd/src/glusterd.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c +index ef20689..5e0ed8d 100644 +--- a/xlators/mgmt/glusterd/src/glusterd.c ++++ b/xlators/mgmt/glusterd/src/glusterd.c +@@ -1646,11 +1646,6 @@ init (xlator_t *this) + goto out; + } + /* +- * With strong authentication, we can afford to allow +- * privileged operations over TCP. +- */ +- gd_inet_programs[1] = &gd_svc_cli_prog; +- /* + * This is the only place where we want secure_srvr to reflect + * the management-plane setting. + */ +-- +2.7.4 + |