You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/02/18 14:23:37 UTC
Review Request 31157: Vulnerability issue: possible to make code
injection with hosts bootstrap request
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31157/
-----------------------------------------------------------
Review request for Ambari and Dmitro Lisnichenko.
Bugs: AMBARI-9689
https://issues.apache.org/jira/browse/AMBARI-9689
Repository: ambari
Description
-------
**STR**
1. Proceed to step 2 of Install Wizard.
2. Check SSH hosts registration.
3. Customize SSH user account with typing into corresponding field something like `root; rm -rf /tmp;`
**AR**
1. The code above is executed.
2. Hosts bootstrap isn't succeeded.
**ER**
Some FE/BE validation/handling needed.
Diffs
-----
ambari-common/src/main/python/resource_management/core/shell.py 956ba01
ambari-server/pom.xml 210d2f4
ambari-server/src/main/java/org/apache/ambari/server/bootstrap/BSRunner.java 4790691
ambari-server/src/main/python/bootstrap.py 6afcaf2
ambari-server/src/main/python/setupAgent.py 3595e2f
ambari-server/src/test/java/org/apache/ambari/server/bootstrap/BootStrapTest.java 0172b29
Diff: https://reviews.apache.org/r/31157/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk