You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/09/14 13:55:30 UTC

Review Request 38353: Verify if restricting acls on /var/lib/ambari-agent/data will be OK

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38353/
-----------------------------------------------------------

Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-13087
    https://issues.apache.org/jira/browse/AMBARI-13087


Repository: ambari


Description
-------

**DO NOT CREATE AN EXTERNAL APACHE JIRA**  
Add the findings to this JIRA. This is a potential security issue and hence a
different process needs to be followed.

1\. the permissions of the /var/lib/ambari-agent/data folder is 0744. The data
folder contains output and error streams from all ambari agents’ commands. If
a script prints any of its parameters to the screen, such as passwords, either
while succeeding, or when an exception is thrown, then all users on the system
are able to read this data. Unless we’re mistaken, the correct permissions on
this folder should be 0700.

2\. The permissions of the /var/lib/ambari-agent/keys/<hostname>.key private
key is set to 0644. This makes the private key of the ambari agent publically
readable. As far as we know, ambari agents talk to the server with SSL using
the key placed here (if SSL is enabled). We think that within a short amount
of time it is possible for any user on the system to craft the call to the
ambari server pretending to be the ambari agent heartbeat, and intercept all
configurations being sent to the ambari agent. These configurations contain
all parameters of the cluster, and are therefore prone to containing admin
passwords, it undermines the SSL encryption completely. Unless we’re mistaken,
the correct permissions should be 0600.

Further suggestions:  
chmod -R 0600 /var/lib/ambari-agent/data  
chmod -R a+X /var/lib/ambari-agent/data  
chmod -R a+rx /var/lib/ambari-agent/data/tmp  
chmod 0600 /var/lib/ambari-agent/keys/*.key

Ideally ambari would separate out this temporary directory and even smartly
review creation of files to be chowned to the correct user. These scripts
often are created from templates and may then also possibly contain passwords.

**DO NOT CREATE AN EXTERNAL APACHE JIRA**


Diffs
-----

  ambari-agent/conf/unix/ambari-agent.ini abfde62 
  ambari-agent/conf/unix/install-helper.sh 48391d5 
  ambari-agent/pom.xml c2bee4a 
  ambari-agent/src/main/python/ambari_agent/Constants.py PRE-CREATION 
  ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py 6ee929cb 
  ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py aa4ad75 
  ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 76afbc9 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b76d5e0 
  ambari-agent/src/main/python/ambari_agent/security.py bfaf134 
  ambari-agent/src/test/python/ambari_agent/TestCertGeneration.py d188dbd 
  ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py 831ecce 
  ambari-agent/src/test/python/ambari_agent/TestSecurity.py c47172a 
  ambari-common/src/main/python/resource_management/libraries/script/script.py a2c0c45 
  ambari-server/src/main/python/bootstrap.py 98a3a93 
  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py 1415367 
  ambari-server/src/test/python/TestBootstrap.py 1fcb3ad 

Diff: https://reviews.apache.org/r/38353/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk

Re: Review Request 38353: Verify if restricting acls on /var/lib/ambari-agent/data will be OK

Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38353/
-----------------------------------------------------------

(Updated Sept. 14, 2015, 11:58 a.m.)


Review request for Ambari and Dmitro Lisnichenko.


Bugs: AMBARI-13087
    https://issues.apache.org/jira/browse/AMBARI-13087


Repository: ambari


Description (updated)
-------

-


Diffs
-----

  ambari-agent/conf/unix/ambari-agent.ini abfde62 
  ambari-agent/conf/unix/install-helper.sh 48391d5 
  ambari-agent/pom.xml c2bee4a 
  ambari-agent/src/main/python/ambari_agent/Constants.py PRE-CREATION 
  ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py 6ee929cb 
  ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py aa4ad75 
  ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 76afbc9 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b76d5e0 
  ambari-agent/src/main/python/ambari_agent/security.py bfaf134 
  ambari-agent/src/test/python/ambari_agent/TestCertGeneration.py d188dbd 
  ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py 831ecce 
  ambari-agent/src/test/python/ambari_agent/TestSecurity.py c47172a 
  ambari-common/src/main/python/resource_management/libraries/script/script.py a2c0c45 
  ambari-server/src/main/python/bootstrap.py 98a3a93 
  ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py 1415367 
  ambari-server/src/test/python/TestBootstrap.py 1fcb3ad 

Diff: https://reviews.apache.org/r/38353/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk

Re: Review Request 38353: Verify if restricting acls on /var/lib/ambari-agent/data will be OK

Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38353/#review98833
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On Sept. 14, 2015, 11:55 a.m., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38353/
> -----------------------------------------------------------
> 
> (Updated Sept. 14, 2015, 11:55 a.m.)
> 
> 
> Review request for Ambari and Dmitro Lisnichenko.
> 
> 
> Bugs: AMBARI-13087
>     https://issues.apache.org/jira/browse/AMBARI-13087
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> **DO NOT CREATE AN EXTERNAL APACHE JIRA**  
> Add the findings to this JIRA. This is a potential security issue and hence a
> different process needs to be followed.
> 
> 1\. the permissions of the /var/lib/ambari-agent/data folder is 0744. The data
> folder contains output and error streams from all ambari agents’ commands. If
> a script prints any of its parameters to the screen, such as passwords, either
> while succeeding, or when an exception is thrown, then all users on the system
> are able to read this data. Unless we’re mistaken, the correct permissions on
> this folder should be 0700.
> 
> 2\. The permissions of the /var/lib/ambari-agent/keys/<hostname>.key private
> key is set to 0644. This makes the private key of the ambari agent publically
> readable. As far as we know, ambari agents talk to the server with SSL using
> the key placed here (if SSL is enabled). We think that within a short amount
> of time it is possible for any user on the system to craft the call to the
> ambari server pretending to be the ambari agent heartbeat, and intercept all
> configurations being sent to the ambari agent. These configurations contain
> all parameters of the cluster, and are therefore prone to containing admin
> passwords, it undermines the SSL encryption completely. Unless we’re mistaken,
> the correct permissions should be 0600.
> 
> Further suggestions:  
> chmod -R 0600 /var/lib/ambari-agent/data  
> chmod -R a+X /var/lib/ambari-agent/data  
> chmod -R a+rx /var/lib/ambari-agent/data/tmp  
> chmod 0600 /var/lib/ambari-agent/keys/*.key
> 
> Ideally ambari would separate out this temporary directory and even smartly
> review creation of files to be chowned to the correct user. These scripts
> often are created from templates and may then also possibly contain passwords.
> 
> **DO NOT CREATE AN EXTERNAL APACHE JIRA**
> 
> 
> Diffs
> -----
> 
>   ambari-agent/conf/unix/ambari-agent.ini abfde62 
>   ambari-agent/conf/unix/install-helper.sh 48391d5 
>   ambari-agent/pom.xml c2bee4a 
>   ambari-agent/src/main/python/ambari_agent/Constants.py PRE-CREATION 
>   ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py 6ee929cb 
>   ambari-agent/src/main/python/ambari_agent/alerts/metric_alert.py aa4ad75 
>   ambari-agent/src/main/python/ambari_agent/alerts/script_alert.py 76afbc9 
>   ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py b76d5e0 
>   ambari-agent/src/main/python/ambari_agent/security.py bfaf134 
>   ambari-agent/src/test/python/ambari_agent/TestCertGeneration.py d188dbd 
>   ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py 831ecce 
>   ambari-agent/src/test/python/ambari_agent/TestSecurity.py c47172a 
>   ambari-common/src/main/python/resource_management/libraries/script/script.py a2c0c45 
>   ambari-server/src/main/python/bootstrap.py 98a3a93 
>   ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py 1415367 
>   ambari-server/src/test/python/TestBootstrap.py 1fcb3ad 
> 
> Diff: https://reviews.apache.org/r/38353/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>