> On Dec. 13, 2015, 2:29 p.m., Robert Levas wrote:
> > ambari-server/src/main/python/ambari_server/setupSecurity.py, line 745
> > <https://reviews.apache.org/r/41329/diff/1/?file=1161936#file1161936line745>
> >
> >     This will create a security issue since the master key will be visible
> >     in the environment. For example 'cat /proc/PID/environ'.
>
> Andrew Onischuk wrote:
>     Robert,
>     cat /proc/PID/environ can be done only by user running the server. If
>     someone has access to that user he can just get the value from the file or do
>     anything else with ambari-server.
>
>     Maybe you're right and there is a security risk to this. But the reality is
>     that all ambari-server java logic relies on reading this value from
>     environment and if we change that (not sure to what) this will be really risky
>     for Ambari-2.2. I'll create a ticket so we can discuss it for the next release.
>
>     Is that ok with you, Robert?

ok. Good point. Let's drop this issue.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110131
-----------------------------------------------------------


On Dec. 13, 2015, 2:31 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> -----------------------------------------------------------
>
> (Updated Dec. 13, 2015, 2:31 p.m.)
>
>
> Review request for Ambari, Mahadev Konar and Robert Levas.
>
>
> Bugs: AMBARI-14363
>     https://issues.apache.org/jira/browse/AMBARI-14363
>
>
> Repository: ambari
>
>
> Description
> -------
>
> .
>
>
> Diffs
> -----
>
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java fe14004
>   ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java 759fd8e
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf
>
> Diff: https://reviews.apache.org/r/41329/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
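
Added example, not part of the review thread or of Ambari's code: a small audit helper for the exposure discussed above, which parses the NUL-separated `/proc/PID/environ` format and reports the names (never the values) of variables that look like secrets. The name pattern, the function names and the variable `EXAMPLE_MASTER_KEY` are assumptions made for illustration, and the sample blob is constructed.

```python
import re

# Name patterns that usually indicate a secret; an assumption, tune per deployment.
SECRET_NAME = re.compile(r"(KEY|SECRET|PASSWORD|PASSWD|TOKEN)", re.IGNORECASE)


def parse_environ(blob: bytes) -> dict:
    """Parse the /proc/PID/environ format: NAME=value entries separated by NUL."""
    env = {}
    for entry in blob.split(b"\0"):
        if not entry or b"=" not in entry:
            continue  # trailing NUL or a malformed entry
        name, _, value = entry.partition(b"=")  # only the first '=' splits
        env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def secret_like_names(blob: bytes) -> list:
    """Return names (never values) of non-empty variables that look like secrets."""
    env = parse_environ(blob)
    return sorted(n for n, v in env.items() if v and SECRET_NAME.search(n))


def audit_pid(pid: int) -> list:
    """Audit a live Linux process. Opening another user's environ file as a
    non-root user raises PermissionError, which is the access limit Andrew
    describes in the thread."""
    with open(f"/proc/{pid}/environ", "rb") as fh:
        return secret_like_names(fh.read())


# Constructed sample blob, not captured from a real Ambari server.
SAMPLE = (
    b"PATH=/usr/bin:/bin\0HOME=/home/svc\0"
    b"EXAMPLE_MASTER_KEY=not-a-real-key\0EMPTY_TOKEN=\0JAVA_HOME=/usr/lib/jvm\0"
)

if __name__ == "__main__":
    print(secret_like_names(SAMPLE))
```

Run as the service account (or root), `audit_pid` gives an inventory of which long-running processes carry secret-like variables, without writing the values to a report or log.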