diff options
Diffstat (limited to 'recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch')
-rw-r--r-- | recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch b/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch deleted file mode 100644 index dcbb435..0000000 --- a/recipes-extended/glusterfs/files/0003-glusterfs-access-trusted-peer-group-via-remote-host-.patch +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | From e79741414777c25e5c2a08e6c31619a0fbaad058 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mohit Agrawal <moagrawa@redhat.com> | ||
3 | Date: Wed, 20 Jun 2018 16:13:00 +0530 | ||
4 | Subject: [PATCH 3/3] glusterfs: access trusted peer group via remote-host | ||
5 | command | ||
6 | |||
7 | Problem: In SSL environment the user is able to access volume | ||
8 | via remote-host command without adding node in a trusted pool | ||
9 | |||
10 | Solution: Change the list of rpc program in glusterd.c at the | ||
11 | time of initialization while SSL is enabled | ||
12 | |||
13 | BUG: 1593232 | ||
14 | Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199 | ||
15 | fixes: bz#1593232 | ||
16 | Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> | ||
17 | |||
18 | Upstream-Status: Backport | ||
19 | Fix CVE-2018-10841 | ||
20 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
21 | --- | ||
22 | xlators/mgmt/glusterd/src/glusterd.c | 5 ----- | ||
23 | 1 file changed, 5 deletions(-) | ||
24 | |||
25 | diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c | ||
26 | index ef20689..5e0ed8d 100644 | ||
27 | --- a/xlators/mgmt/glusterd/src/glusterd.c | ||
28 | +++ b/xlators/mgmt/glusterd/src/glusterd.c | ||
29 | @@ -1646,11 +1646,6 @@ init (xlator_t *this) | ||
30 | goto out; | ||
31 | } | ||
32 | /* | ||
33 | - * With strong authentication, we can afford to allow | ||
34 | - * privileged operations over TCP. | ||
35 | - */ | ||
36 | - gd_inet_programs[1] = &gd_svc_cli_prog; | ||
37 | - /* | ||
38 | * This is the only place where we want secure_srvr to reflect | ||
39 | * the management-plane setting. | ||
40 | */ | ||
41 | -- | ||
42 | 2.7.4 | ||
43 | |||