[ https://issues.apache.org/jira/browse/AMBARI-9689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14325959#comment-14325959 ]
Hudson commented on AMBARI-9689: -------------------------------- FAILURE: Integrated in Ambari-trunk-Commit #1802 (See [https://builds.apache.org/job/Ambari-trunk-Commit/1802/]) AMBARI-9689. Vulnerability issue: possible to make code injection with hosts bootstrap request (aonishuk) (aonishuk: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=e9c8b2660910c8f07ac78c4e60ef517a7d02f1c7) * ambari-server/src/test/java/org/apache/ambari/server/bootstrap/BootStrapTest.java * ambari-server/src/main/python/setupAgent.py * ambari-common/src/main/python/resource_management/core/shell.py * ambari-server/pom.xml * ambari-server/src/main/python/bootstrap.py * ambari-server/src/main/java/org/apache/ambari/server/bootstrap/BSRunner.java > Vulnerability issue: possible to make code injection with hosts bootstrap > request > --------------------------------------------------------------------------------- > > Key: AMBARI-9689 > URL: https://issues.apache.org/jira/browse/AMBARI-9689 > Project: Ambari > Issue Type: Bug > Reporter: Andrew Onischuk > Assignee: Andrew Onischuk > Fix For: 2.0.0 > > > **STR** > 1. Proceed to step 2 of Install Wizard. > 2. Check SSH hosts registration. > 3. Customize SSH user account with typing into corresponding field > something like `root; rm -rf /tmp;` > **AR** > 1. The code above is executed. > 2. Hosts bootstrap isn't succeeded. > **ER** > Some FE/BE validation/handling needed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)