io-stats: prevent taking file dump on server side

By allowing clients taking dump in a file on brick process, we are
allowing compromised clients to create io-stats dumps on server,
which can exhaust all the available inodes.

Fixes: CVE-2018-14659

Fixes: bz#1647669
Change-Id: I32bfde9d4fe646d819a45e627805b928cae2e1ca
Signed-off-by: Amar Tumballi <amarts@redhat.com>

1 files changed, 9 insertions, 0 deletions

diff --git a/xlators/debug/io-stats/src/io-stats.c b/xlators/debug/io-stats/src/io-stats.c
index 123c3436dcf..d54e62d9101 100644
--- a/xlators/debug/io-stats/src/io-stats.c
+++ b/xlators/debug/io-stats/src/io-stats.c
@@ -3084,6 +3084,15 @@ conditional_dump (dict_t *dict, char *key, data_t *value, void *data)
         stub  = data;
         this  = stub->this;
 
+        /* Don't do this on 'brick-side', only do this on client side */
+        /* Addresses CVE-2018-14659 */
+        if (this->ctx->process_mode != GF_CLIENT_PROCESS) {
+                gf_log(this->name, GF_LOG_DEBUG,
+                       "taking io-stats dump using setxattr not permitted on brick."
+                       " Use 'gluster profile' instead");
+                return -1;
+        }
+
         /* Create a file name that is appended with the io-stats instance
         name as well. This helps when there is more than a single io-stats
         instance in the graph, or the client and server processes are running