Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/02/18 14:23:37 UTC

Review Request 31157: Vulnerability issue: possible to make code injection with hosts bootstrap request

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31157/
-----------------------------------------------------------

Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-9689
    https://issues.apache.org/jira/browse/AMBARI-9689


Repository: ambari


Description
-------

**STR**

  1. Proceed to step 2 of Install Wizard.
  2. Check SSH hosts registration.
  3. Customize the SSH user account by typing something like `root; rm -rf /tmp;` into the corresponding field.

**AR**

  1. The code above is executed.
  2. Hosts bootstrap doesn't succeed.

**ER**  
Some FE/BE validation/handling is needed.


Diffs
-----

  ambari-common/src/main/python/resource_management/core/shell.py 956ba01 
  ambari-server/pom.xml 210d2f4 
  ambari-server/src/main/java/org/apache/ambari/server/bootstrap/BSRunner.java 4790691 
  ambari-server/src/main/python/bootstrap.py 6afcaf2 
  ambari-server/src/main/python/setupAgent.py 3595e2f 
  ambari-server/src/test/java/org/apache/ambari/server/bootstrap/BootStrapTest.java 0172b29 

Diff: https://reviews.apache.org/r/31157/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk
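
The backend validation requested under ER, sketched as an added example; it is not part of this review request or of Ambari's code. The names `validate_ssh_user`, `build_ssh_argv` and `shell_view`, the account-name pattern and the host name are assumptions made for illustration (Python 3.8+).

```python
import re
import shlex

# Assumption: conservative POSIX-style account name rule, not Ambari's own.
SSH_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def validate_ssh_user(user):
    """Return the name unchanged if it is a plain account name, else raise."""
    if not isinstance(user, str) or not SSH_USER_RE.fullmatch(user):
        raise ValueError("invalid SSH user name: %r" % (user,))
    return user


def build_ssh_argv(user, host, remote_command):
    """Build an argv list meant for subprocess with shell=False.

    The user name is validated first, and because the result is a list
    no local shell ever parses it. The destination always starts with a
    validated name character, so it cannot be read as an ssh option.
    remote_command should be a fixed string chosen by the server.
    """
    validate_ssh_user(user)
    destination = "%s@%s" % (user, host)
    return ["ssh", "-o", "BatchMode=yes", destination, remote_command]


def shell_view(command_string):
    """Tokenize a concatenated command line the way a POSIX shell would.

    Used only to show why string concatenation is the weak form: shell
    punctuation such as ';' becomes its own token, a command separator.
    """
    lexer = shlex.shlex(command_string, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


if __name__ == "__main__":
    field_value = "root; rm -rf /tmp;"  # value from the STR above
    # Weak form: the field is pasted into a string that a shell will parse.
    print(shell_view("ssh " + field_value + "@host1.example.com hostname"))
    # Hardened form: the same value is rejected before any command is built.
    try:
        build_ssh_argv(field_value, "host1.example.com", "hostname")
    except ValueError as err:
        print("rejected:", err)
    print(build_ssh_argv("ambari_agent", "host1.example.com", "hostname"))
```
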