> On Dec. 13, 2015, 7:29 p.m., Robert Levas wrote:
> > ambari-server/src/main/python/ambari_server/setupSecurity.py, line 745
> > <https://reviews.apache.org/r/41329/diff/1/?file=1161936#file1161936line745>
> >
> > This will create a security issue since the master key will be visible
> > in the environment. For example 'cat /proc/PID/environ'.

Robert, cat /proc/PID/environ can be done only by the user running the server. If someone has access to that user he can just get the value from the file or do anything else with ambari-server.

Maybe you're right and there is a security risk to this. But the reality is that all ambari-server java logic relies on reading this value from the environment, and if we change that (not sure to what) this will be really risky for Ambari-2.2.

I'll create a ticket so we can discuss it for the next release. Is that ok with you, Robert?

- Andrew

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110131
-----------------------------------------------------------

On Dec. 13, 2015, 7:31 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> -----------------------------------------------------------
>
> (Updated Dec. 13, 2015, 7:31 p.m.)
>
>
> Review request for Ambari, Mahadev Konar and Robert Levas.
>
>
> Bugs: AMBARI-14363
>     https://issues.apache.org/jira/browse/AMBARI-14363
>
>
> Repository: ambari
>
>
> Description
> -------
>
> .
>
>
> Diffs
> -----
>
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java fe14004
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 759fd8e
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf
>
> Diff: https://reviews.apache.org/r/41329/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
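
The exposure discussed in this thread, as an added example that is not part of the original e-mails or of Ambari's code: on Linux it reports the permission bits of a child's `/proc/<pid>/environ` and whether a secret shows up there, once when the secret is passed in the environment and once when it is handed over on stdin. The variable name `DEMO_MASTER_KEY`, the secret value and the stdin hand-off are assumptions made for the illustration.

```python
import os
import stat
import subprocess
import sys

SECRET_VAR = "DEMO_MASTER_KEY"   # hypothetical name, not the variable Ambari uses
SECRET = "constructed-demo-key"  # constructed sample value

# Child: block on one stdin line, then use the env var if set, else that line.
CHILD = ("import os, sys; line = sys.stdin.readline().strip(); "
         "print(len(os.environ.get(%r, line)))" % SECRET_VAR)


def environ_exposure(pid, name):
    """Report who may read /proc/<pid>/environ and whether `name` is in it."""
    path = "/proc/%d/environ" % pid
    st = os.stat(path)
    with open(path, "rb") as f:
        entries = f.read().split(b"\0")
    prefix = name.encode() + b"="
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),  # permission bits on the file
        "owner_uid": st.st_uid,                 # uid the file belongs to
        "exposed": any(e.startswith(prefix) for e in entries),
    }


def run_child(secret_in_env):
    """Start a child that gets the secret via env or via stdin and inspect it."""
    env = dict(os.environ)
    env.pop(SECRET_VAR, None)
    if secret_in_env:
        env[SECRET_VAR] = SECRET
    proc = subprocess.Popen([sys.executable, "-c", CHILD], env=env,
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    # The child is still blocked on stdin here, so its environ can be read.
    report = environ_exposure(proc.pid, SECRET_VAR)
    payload = b"\n" if secret_in_env else (SECRET + "\n").encode()
    out, _ = proc.communicate(payload)
    report["child_received_len"] = int(out)
    return report


if __name__ == "__main__":
    print("env  :", run_child(secret_in_env=True))
    print("stdin:", run_child(secret_in_env=False))
```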