Bug 1178688 - Internal ec xattrs are allowed to be modified
Summary: Internal ec xattrs are allowed to be modified
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: disperse
Version: mainline
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Pranith Kumar K
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1182490
TreeView+ depends on / blocked
 
Reported: 2015-01-05 10:06 UTC by Pranith Kumar K
Modified: 2015-05-14 17:45 UTC (History)
3 users (show)

Fixed In Version: glusterfs-3.7.0
Clone Of:
: 1182490 (view as bug list)
Environment:
Last Closed: 2015-05-14 17:28:49 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Pranith Kumar K 2015-01-05 10:06:29 UTC 
Description of problem:
Internal ec xattrs are allowed to be modified by the user, this can cause problems if the user modifies them in a wrong way by mistake.
root@pranithk-laptop - /mnt/fuse1 
15:34:11 :) ⚡ getfattr -d -m. -e hex /home/gfs/ec_?/a
getfattr: Removing leading '/' from absolute path names
# file: home/gfs/ec_2/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000004
trusted.ec.version=0x0000000000000001
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb

# file: home/gfs/ec_3/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000004
trusted.ec.version=0x0000000000000001
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb

# file: home/gfs/ec_4/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000004
trusted.ec.version=0x0000000000000001
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb


root@pranithk-laptop - /mnt/fuse1 
15:34:36 :) ⚡ setfattr -n trusted.ec.size -v 0x0000000000000008 a

root@pranithk-laptop - /mnt/fuse1 
15:35:04 :) ⚡ getfattr -d -m. -e hex /home/gfs/ec_?/a
getfattr: Removing leading '/' from absolute path names
# file: home/gfs/ec_2/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000008
trusted.ec.version=0x0000000000000002
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb

# file: home/gfs/ec_3/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000008
trusted.ec.version=0x0000000000000002
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb

# file: home/gfs/ec_4/a
security.selinux=0x756e636f6e66696e65645f753a6f626a6563745f723a66696c655f743a733000
trusted.ec.config=0x0000080301000200
trusted.ec.size=0x0000000000000008
trusted.ec.version=0x0000000000000002
trusted.gfid=0x5934895e011e4bc2aa0bae0b6d5148bb


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Anand Avati 2015-01-05 14:21:30 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#1) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 2 Anand Avati 2015-01-05 14:25:42 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#2) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 3 Anand Avati 2015-01-06 07:07:37 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#3) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 4 Anand Avati 2015-01-07 10:18:19 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#4) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 5 Anand Avati 2015-01-08 07:02:25 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#5) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 6 Anand Avati 2015-01-08 09:44:22 UTC 
REVIEW: http://review.gluster.org/9385 (cluster/ec: Handle internal xattr get/set) posted (#6) for review on master by Pranith Kumar Karampuri (pkarampu)
Comment 7 Anand Avati 2015-01-09 05:55:42 UTC 
COMMIT: http://review.gluster.org/9385 committed in master by Pranith Kumar Karampuri (pkarampu) 
------
commit 70dc47389cbe08238d8c216c51d49583154bd08a
Author: Pranith Kumar K <pkarampu>
Date:   Mon Jan 5 16:21:52 2015 +0530

    cluster/ec: Handle internal xattr get/set
    
    Problem:
    Internal xattrs of EC like trusted.ec.size/config/version
    can be modified by users and that can lead to misbehavior
    in EC.
    
    Fix:
    Don't let the user modify the xattrs. Hide these xattrs
    in getfattr outputs.
    
    Change-Id: I39cec96ae12826b506b496fda7da74201015fd75
    BUG: 1178688
    Signed-off-by: Pranith Kumar K <pkarampu>
    Reviewed-on: http://review.gluster.org/9385
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Emmanuel Dreyfus <manu>
    Tested-by: Emmanuel Dreyfus <manu>
    Reviewed-by: Xavier Hernandez <xhernandez>
Comment 8 Niels de Vos 2015-05-14 17:28:49 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 9 Niels de Vos 2015-05-14 17:35:47 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 10 Niels de Vos 2015-05-14 17:38:09 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 11 Niels de Vos 2015-05-14 17:45:24 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Note You need to log in before you can comment on or make changes to this bug.