path: root/etc/fs.conf-gluster
diff options
authorPrashanth Pai <>2015-09-08 15:44:09 +0530
committerPrashanth Pai <>2016-01-11 20:47:23 -0800
commitc5d76cdd2e2e99d4ac65b645b17cf8a43e4ccab4 (patch)
tree9266f8a8419d48ab6f19a2bb5ca0988e72f501da /etc/fs.conf-gluster
parentac33dc6dbf1f982cf522556aa938ebfb0e6ddded (diff)
Do not use pickle: Use json
Change-Id: Iffdd56704330897fbde21f101c9b2ed03c2ae296 Signed-off-by: Prashanth Pai <> Reviewed-by: Thiago da Silva <> Tested-by: Thiago da Silva <> Reviewed-on:
Diffstat (limited to 'etc/fs.conf-gluster')
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/fs.conf-gluster b/etc/fs.conf-gluster
index 6d2a791..31a5e6f 100644
--- a/etc/fs.conf-gluster
+++ b/etc/fs.conf-gluster
@@ -10,4 +10,15 @@ mount_ip = localhost
# numbers of objects, at the expense of an accurate count of combined bytes
# used by all objects in the container. For most installations "off" works
# fine.
-accurate_size_in_listing = off \ No newline at end of file
+accurate_size_in_listing = off
+# In older versions of gluster-swift, metadata stored as xattrs of dirs/files
+# were serialized using PICKLE format. The PICKLE format is vulnerable to
+# exploits in deployments where a user has access to backend filesystem over
+# FUSE/SMB. Deserializing pickled metadata can result in malicious code being
+# executed if an attacker has stored malicious code as xattr from filesystem
+# interface. Although, new metadata is always serialized using JSON format,
+# existing metadata already stored in PICKLE format are loaded by default.
+# You can turn this option to 'off' once you have migrated all your metadata
+# from PICKLE format to JSON format using gluster-swift-migrate-metadata tool.
+read_pickled_metadata = on