You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Juanjo Marron <jm...@us.ibm.com> on 2017/04/24 16:11:13 UTC
Review Request 58671: check_ambari_permissions.py does not run for
all the files and directories listed
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58671/
-----------------------------------------------------------
Review request for Ambari, Aravindan Vijayan, Di Li, and Vitalyi Brodetskyi.
Bugs: AMBARI-20825
https://issues.apache.org/jira/browse/AMBARI-20825
Repository: ambari
Description
-------
ambari-server/src/main/resources/scripts/check_ambari_permissions.py script introduced in branch 2.5.0 and published here (https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0) to solve Public Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2017-5642 work sonly partially.
There is a bug and it only handles the last directory/file when there are multiple directories/files listed.
So the vulnerability is not totally resolved.
For example files under /etc/ambari-server/conf/ such as ambari.properties are not revised
Diffs
-----
ambari-server/src/main/resources/scripts/check_ambari_permissions.py 638f65f
Diff: https://reviews.apache.org/r/58671/diff/1/
Testing
-------
Manual testing on a 2.4.2 cluster with permission issues
Thanks,
Juanjo Marron
Re: Review Request 58671: check_ambari_permissions.py does not run
for all the files and directories listed
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58671/#review172805
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On April 24, 2017, 4:11 p.m., Juanjo Marron wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58671/
> -----------------------------------------------------------
>
> (Updated April 24, 2017, 4:11 p.m.)
>
>
> Review request for Ambari, Aravindan Vijayan, Di Li, and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-20825
> https://issues.apache.org/jira/browse/AMBARI-20825
>
>
> Repository: ambari
>
>
> Description
> -------
>
> ambari-server/src/main/resources/scripts/check_ambari_permissions.py script introduced in branch 2.5.0 and published here (https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0) to solve Public Vulnerability:
> https://nvd.nist.gov/vuln/detail/CVE-2017-5642 work sonly partially.
> There is a bug and it only handles the last directory/file when there are multiple directories/files listed.
> So the vulnerability is not totally resolved.
> For example files under /etc/ambari-server/conf/ such as ambari.properties are not revised
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/scripts/check_ambari_permissions.py 638f65f
>
>
> Diff: https://reviews.apache.org/r/58671/diff/1/
>
>
> Testing
> -------
>
> Manual testing on a 2.4.2 cluster with permission issues
>
>
> Thanks,
>
> Juanjo Marron
>
>