You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2016/06/10 18:14:20 UTC
[jira] [Created] (AMBARI-17172) Kadmin operations can leak the
admin password in ps output
Robert Levas created AMBARI-17172:
-------------------------------------
Summary: Kadmin operations can leak the admin password in ps output
Key: AMBARI-17172
URL: https://issues.apache.org/jira/browse/AMBARI-17172
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.4.0
add_principal operations pass the password in the command line, so users on the system can run {{ps aux | grep kadmin}} and be able to see the admin users password in ps output. This can turn into a security issue that would allow non privileged users to obtain this password and use it to escalate their privileges.
We need to find a way to prevent passing this password as a CLI option.
*Solution*
Pass the admin and user passwords to {{kadmin}} via the process's STDIN channel rather than the via the command line.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)