Do not use pickle: Use json

Change-Id: Iffdd56704330897fbde21f101c9b2ed03c2ae296
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Thiago da Silva <tdasilva@redhat.com>
Tested-by: Thiago da Silva <tdasilva@redhat.com>
Reviewed-on: http://review.gluster.org/13221

1 files changed, 12 insertions, 1 deletions

diff --git a/etc/fs.conf-gluster b/etc/fs.conf-gluster
index 6d2a791..31a5e6f 100644
--- a/etc/fs.conf-gluster
+++ b/etc/fs.conf-gluster
@@ -10,4 +10,15 @@ mount_ip = localhost
 # numbers of objects, at the expense of an accurate count of combined bytes
 # used by all objects in the container. For most installations "off" works
 # fine.
-accurate_size_in_listing = off
\ No newline at end of file
+accurate_size_in_listing = off
+
+# In older versions of gluster-swift, metadata stored as xattrs of dirs/files
+# were serialized using PICKLE format. The PICKLE format is vulnerable to
+# exploits in deployments where a user has access to backend filesystem over
+# FUSE/SMB. Deserializing pickled metadata can result in malicious code being
+# executed if an attacker has stored malicious code as xattr from filesystem
+# interface. Although, new metadata is always serialized using JSON format,
+# existing metadata already stored in PICKLE format are loaded by default.
+# You can turn this option to 'off' once you have migrated all your metadata
+# from PICKLE format to JSON format using gluster-swift-migrate-metadata tool.
+read_pickled_metadata = on