On Thu, Feb 09, 2017 at 03:53:52PM -0500, Jeff Darcy wrote:
> https://www.theregister.co.uk/2017/02/09/hadoop_clusters_fked/
> Similar attacks have occurred against MongoDB and ElasticSearch.
> How long before they target us? How will we do?
It is true default glusterfs installation is too
Honestly:
>From what I know of Gluster, and my experience with Samba.
If they target Gluster, you are going to get pwned. HARD.
Many, many, many, many times.
Trust me... On the Samba Team, we try to avoid security issues VERY actively,
and we still get a few here and there.
You can walk up
> It is true default glusterfs installation is too open. A simple
> solution would be to introduce an access control, either by
> IP whitelist, or better by shared secret.
>
> The obvious problem is that it breaks updates. At least peer
> know each others and could agree on automatically creating
On Fri, Feb 10, 2017 at 08:30:40AM -0500, Ira Cooper wrote:
> But I suspect... You got it right, Gluster isn't big enough to attack today.
It is just a matter of time.
--
Emmanuel Dreyfus
m...@netbsd.org
___
Gluster-devel mailing list
Following up on the packages available, [1] has the packages for RC0
across Debian and Fedora distributions, [2] had packages for OpenSuSE,
[3] for Ubuntu.
Release notes are available at [4].
We welcome feedback on 3.10, and for any issues faced do raise a bug, so
that we can assess it prior
Here's a quote from a paper titled: Non-blocking Writes to Files
https://www.usenix.org/conference/fast15/technical-sessions/presentation/campello
-
Ordering of Page Updates.
Non-blocking writes may alter the sequence in which patches to
different pages get applied since the page fetches may
