diff options
Diffstat (limited to 'etc/fs.conf-gluster')
-rw-r--r-- | etc/fs.conf-gluster | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/fs.conf-gluster b/etc/fs.conf-gluster index 6d2a791..31a5e6f 100644 --- a/etc/fs.conf-gluster +++ b/etc/fs.conf-gluster @@ -10,4 +10,15 @@ mount_ip = localhost # numbers of objects, at the expense of an accurate count of combined bytes # used by all objects in the container. For most installations "off" works # fine. -accurate_size_in_listing = off
\ No newline at end of file +accurate_size_in_listing = off + +# In older versions of gluster-swift, metadata stored as xattrs of dirs/files +# were serialized using PICKLE format. The PICKLE format is vulnerable to +# exploits in deployments where a user has access to backend filesystem over +# FUSE/SMB. Deserializing pickled metadata can result in malicious code being +# executed if an attacker has stored malicious code as xattr from filesystem +# interface. Although, new metadata is always serialized using JSON format, +# existing metadata already stored in PICKLE format are loaded by default. +# You can turn this option to 'off' once you have migrated all your metadata +# from PICKLE format to JSON format using gluster-swift-migrate-metadata tool. +read_pickled_metadata = on |