Diffstat (limited to 'etc/fs.conf-gluster')
-rw-r--r--etc/fs.conf-gluster13
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/fs.conf-gluster b/etc/fs.conf-gluster
index 6d2a791..31a5e6f 100644
--- a/etc/fs.conf-gluster
+++ b/etc/fs.conf-gluster
@@ -10,4 +10,15 @@ mount_ip = localhost
# numbers of objects, at the expense of an accurate count of combined bytes
# used by all objects in the container. For most installations "off" works
# fine.
-accurate_size_in_listing = off
\ No newline at end of file
+accurate_size_in_listing = off
+
+# In older versions of gluster-swift, metadata stored as xattrs of dirs/files
+# were serialized using PICKLE format. The PICKLE format is vulnerable to
+# exploits in deployments where a user has access to backend filesystem over
+# FUSE/SMB. Deserializing pickled metadata can result in malicious code being
+# executed if an attacker has stored malicious code as xattr from filesystem
+# interface. Although, new metadata is always serialized using JSON format,
+# existing metadata already stored in PICKLE format are loaded by default.
+# You can turn this option to 'off' once you have migrated all your metadata
+# from PICKLE format to JSON format using gluster-swift-migrate-metadata tool.
+read_pickled_metadata = on
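Review bot: The shipped default `read_pickled_metadata = on` keeps the pickle deserialization path active, so a deployment that copies this sample stays exposed to the xattr-based code execution the comment describes until an operator both runs the migration and edits this file. The comment should tell operators of fresh installations, which have no metadata written by older versions, to disable it straight away, e.g. `# New deployments with no pre-existing pickled metadata should set this to 'off'.` It should also say what happens to an object whose metadata is still pickled once the option is off (presumably it is ignored or treated as missing, but that is not visible in this hunk), so operators verify the migration completed before flipping it. Since users with FUSE/SMB access to the backend are the stated threat, a line noting that restricting who can write xattrs on the volume is the interim mitigation would help sites that cannot migrate immediately.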