You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/02/15 16:20:17 UTC
ambari git commit: AMBARI-20018. Document security issue related to
setting security.agent.hostname.validate to false (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk a1f23ad42 -> 45842645c
AMBARI-20018. Document security issue related to setting security.agent.hostname.validate to false (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/45842645
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/45842645
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/45842645
Branch: refs/heads/trunk
Commit: 45842645c546a176f1692d0d7be008e2d51c5086
Parents: a1f23ad
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Feb 15 11:20:03 2017 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Feb 15 11:20:03 2017 -0500
----------------------------------------------------------------------
ambari-server/docs/configuration/index.md | 2 +-
.../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/45842645/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 50864f2..ae2d549 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -172,7 +172,7 @@ The following are the properties which can be used to configure Ambari.
| repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu repositories. |`/dists/%s/Release` |
| resources.dir | The location on the Ambari Server where all resources exist, including common services, stacks, and scripts. |`/var/lib/ambari-server/resources/` |
| rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages which will be skipped during a stack upgrade. | |
-| security.agent.hostname.validate | Determines whether the Ambari Agent host names should be validated against a regular expression to ensure that they are well-formed. |`true` |
+| security.agent.hostname.validate | Determines whether the Ambari Agent host names should be validated against a regular expression to ensure that they are well-formed.<br><br>WARNING: By setting this value to false, host names will not be validated, allowing a possible security vulnerability as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for more information.|`true` |
| security.master.key.location | The location on the Ambari Server of the master key file. This is the key to the master keystore. | |
| security.master.keystore.location | The location on the Ambari Server of the master keystore file. | |
| security.server.cert_name | The name of the file located in the `security.server.keys_dir` directory where certificates will be generated when Ambari uses the `openssl ca` command. |`ca.crt` |
http://git-wip-us.apache.org/repos/asf/ambari/blob/45842645/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 5020790..e1df5bd 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -510,7 +510,7 @@ public class Configuration {
* Determines whether the Ambari Agent host names should be validated against
* a regular expression to ensure that they are well-formed.
*/
- @Markdown(description = "Determines whether the Ambari Agent host names should be validated against a regular expression to ensure that they are well-formed.")
+ @Markdown(description = "Determines whether the Ambari Agent host names should be validated against a regular expression to ensure that they are well-formed.<br><br>WARNING: By setting this value to false, host names will not be validated, allowing a possible security vulnerability as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for more information.")
public static final ConfigurationProperty<String> SRVR_AGENT_HOSTNAME_VALIDATE = new ConfigurationProperty<>(
"security.agent.hostname.validate", "true");