You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Sheng Yang (JIRA)" <ji...@apache.org> on 2014/03/25 23:57:14 UTC

[jira] [Updated] (CLOUDSTACK-6285) Some passwords in the VR would be cleared out by accident due to falsely match in the savepassword.sh

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sheng Yang updated CLOUDSTACK-6285:
-----------------------------------

    Description: 
There is a bug in savepassword.sh since long time ago, that when VR try to update the passwords file, it may accidentally clear the password of other VRs due to the IP address it contained.

+sed -i /$VM_IP/d $PASSWD_FILE

This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in clear them all.

It's not critical because user can reset the password again later.

  was:
There is a error in savepassword.sh since 2010, that when VR try to update the passwords file, it may accidentally clear the password of other VRs due to the IP address it contained.

+sed -i /$VM_IP/d $PASSWD_FILE

This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in clear them all.


> Some passwords in the VR would be cleared out by accident due to falsely match in the savepassword.sh
> -----------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6285
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6285
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router
>    Affects Versions: 4.2.1, 4.4.0, 4.3.1
>            Reporter: Sheng Yang
>            Assignee: Sheng Yang
>             Fix For: 4.2.1, 4.4.0, 4.3.1
>
>
> There is a bug in savepassword.sh since long time ago, that when VR try to update the passwords file, it may accidentally clear the password of other VRs due to the IP address it contained.
> +sed -i /$VM_IP/d $PASSWD_FILE
> This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in clear them all.
> It's not critical because user can reset the password again later.



--
This message was sent by Atlassian JIRA
(v6.2#6252)