[
https://issues.apache.org/jira/browse/AMBARI-9689?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14325959#comment-14325959
]
Hudson commented on AMBARI-9689:
--------------------------------
FAILURE: Integrated in Ambari-trunk-Commit #1802 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/1802/])
AMBARI-9689. Vulnerability issue: possible to make code injection with hosts
bootstrap request (aonishuk) (aonishuk:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=e9c8b2660910c8f07ac78c4e60ef517a7d02f1c7)
* ambari-server/src/test/java/org/apache/ambari/server/bootstrap/BootStrapTest.java
* ambari-server/src/main/python/setupAgent.py
* ambari-common/src/main/python/resource_management/core/shell.py
* ambari-server/pom.xml
* ambari-server/src/main/python/bootstrap.py
* ambari-server/src/main/java/org/apache/ambari/server/bootstrap/BSRunner.java
> Vulnerability issue: possible to make code injection with hosts bootstrap
> request
> ---------------------------------------------------------------------------------
>
> Key: AMBARI-9689
> URL: https://issues.apache.org/jira/browse/AMBARI-9689
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 2.0.0
>
>
> **STR**
> 1. Proceed to step 2 of Install Wizard.
> 2. Check SSH hosts registration.
> 3. Customize the SSH user account by typing into the corresponding field
> something like `root; rm -rf /tmp;`
> **AR**
> 1. The code above is executed.
> 2. Hosts bootstrap doesn't succeed.
> **ER**
> Some FE/BE validation/handling needed.
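The failure mode in the STR above, as an added example (not Ambari's code and not the committed fix): a hypothetical command builder that pastes the SSH user field into a shell string, a tokenizer that shows how a POSIX shell splits the result, and a validated argv-list form. All function names, the login-name pattern and the host `host1.example.test` are assumptions made for illustration; the host and remote command are treated as trusted constants.

```python
import re
import shlex

# Assumption: a conservative POSIX-style login name rule, not Ambari's own.
SSH_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SHELL_OPERATORS = {";", "&", "&&", "|", "||"}


def unsafe_ssh_cmdline(user, host, remote_cmd="hostname"):
    """'Before' shape: the form field is pasted into one shell string."""
    return "ssh -o BatchMode=yes %s@%s %s" % (user, host, remote_cmd)


def commands_seen_by_shell(cmdline):
    """Split a command line where a POSIX shell would, at ; & | operators."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.commenters = ""
    lex.wordchars += "@:,+%"  # keep user@host together as one word
    commands, current = [], []
    for token in lex:
        if token in SHELL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def validate_ssh_user(user):
    """Backend check: reject anything that is not a plain login name."""
    if not SSH_USER_RE.fullmatch(user):
        raise ValueError("invalid SSH user: %r" % (user,))
    return user


def safe_ssh_argv(user, host, remote_cmd="hostname"):
    """Hardened shape: validated user, argv list run without shell=True."""
    return ["ssh", "-o", "BatchMode=yes",
            "%s@%s" % (validate_ssh_user(user), host), remote_cmd]


if __name__ == "__main__":
    hostile = "root; rm -rf /tmp;"  # value quoted in the report's STR
    line = unsafe_ssh_cmdline(hostile, "host1.example.test")
    for argv in commands_seen_by_shell(line):  # tokenized only, never run
        print(argv)
    print(safe_ssh_argv("root", "host1.example.test"))
```
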