You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/06/10 18:14:20 UTC

[jira] [Created] (AMBARI-17172) Kadmin operations can leak the admin password in ps output

Robert Levas created AMBARI-17172:
-------------------------------------

             Summary: Kadmin operations can leak the admin password in ps output
                 Key: AMBARI-17172
                 URL: https://issues.apache.org/jira/browse/AMBARI-17172
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Critical
             Fix For: 2.4.0


add_principal operations pass the password in the command line, so users on the system can run {{ps aux | grep kadmin}} and be able to see the admin users password in ps output. This can turn into a security issue that would allow non privileged users to obtain this password and use it to escalate their privileges.

We need to find a way to prevent passing this password as a CLI option.

*Solution*
Pass the admin and user passwords to {{kadmin}} via the process's STDIN channel rather than the via the command line. 




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)