You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rajani Karuturi (JIRA)" <ji...@apache.org> on 2013/12/20 13:26:13 UTC

[jira] [Resolved] (CLOUDSTACK-4886) cloud-setup-databases not escaping password in shell commands

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-4886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajani Karuturi resolved CLOUDSTACK-4886.
-----------------------------------------

    Resolution: Fixed

review request is pushed

> cloud-setup-databases not escaping password in shell commands
> -------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4886
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4886
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.0
>            Reporter: John Kinsella
>            Assignee: Rajani Karuturi
>             Fix For: 4.3.0
>
>
> When initializing a new ACS database, the database key is not being properly escaped when passed back to shell commands. I haven't tested the other keys passed into this command, yet.
> (Passwords below are not real, but the < character and resulting error is what was encountered)
> root@acsmgmt01 ACS# cloudstack-setup-databases cloud:jpiasfadf324234jcW@localhost --deploy-as=root:lkjeroiuwer -e file -m 'asdflkjasdflkjwer' -k 'sfsd<Cugasdfsdf' -i 10.100.10.10
> Mysql user name:cloud [ OK ]
> Mysql user password:jpiasfadf324234jcW [ OK ]
> Mysql server ip:localhost [ OK ]
> Mysql server port:3306 [ OK ]
> Mysql root user name:root [ OK ]
> Mysql root user password:lkjeroiuwer [ OK ]
> Using specified cluster management server node IP 10.100.10.10 [ OK ]
> Checking Cloud database files ... [ OK ]
> Checking local machine hostname ... [ OK ]
> Checking SELinux setup ... WARNING: We detected that your SELinux is not configured in permissive. to make sure cloudstack won't block by SELinux after system reboot, we strongly suggest you setting it in permissive in /etc/selinux/config, then reboot the machine.
> [ OK ]
> Preparing /etc/cloudstack/management/db.properties [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-database.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-schema.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-database-premium.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/server-setup.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/templates.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_db.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_schema.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_index.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart_alter.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_bucketpolicy.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_policy_alter.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering_alter.sql [ OK ]
> Processing encryption ... Traceback (most recent call last):
> File "/usr/bin/cloudstack-setup-databases", line 607, in <module>
> o.run()
> File "/usr/bin/cloudstack-setup-databases", line 596, in run
> self.processEncryptionStuff()
> File "/usr/bin/cloudstack-setup-databases", line 433, in processEncryptionStuff
> encryptDBSecretKey()
> File "/usr/bin/cloudstack-setup-databases", line 417, in encryptDBSecretKey
> self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
> File "/usr/bin/cloudstack-setup-databases", line 407, in encrypt
> return runCmd(cmd).strip('\n')
> File "/usr/bin/cloudstack-setup-databases", line 51, in runCmd
> raise Exception(stderr)
> Exception: /bin/sh: Cugasdfsdf: No such file or directory
> Looks like this is caused by no escaping at line 406 in cloudstack-setup-databases.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)