[ https://issues.apache.org/jira/browse/CLOUDSTACK-4886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhinandan Prateek updated CLOUDSTACK-4886: ------------------------------------------- Fix Version/s: (was: 4.2.1) 4.3.0 > cloud-setup-databases not escaping password in shell commands > ------------------------------------------------------------- > > Key: CLOUDSTACK-4886 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4886 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.2.0 > Reporter: John Kinsella > Fix For: 4.3.0 > > > When initializing a new ACS database, the database key is not being properly > escaped when passed back to shell commands. I haven't tested the other keys > passed into this command, yet. > (Passwords below are not real, but the < character and resulting error is > what was encountered) > root@acsmgmt01 ACS# cloudstack-setup-databases > cloud:jpiasfadf324234jcW@localhost --deploy-as=root:lkjeroiuwer -e file -m > 'asdflkjasdflkjwer' -k 'sfsd<Cugasdfsdf' -i 10.100.10.10 > Mysql user name:cloud [ OK ] > Mysql user password:jpiasfadf324234jcW [ OK ] > Mysql server ip:localhost [ OK ] > Mysql server port:3306 [ OK ] > Mysql root user name:root [ OK ] > Mysql root user password:lkjeroiuwer [ OK ] > Using specified cluster management server node IP 10.100.10.10 [ OK ] > Checking Cloud database files ... [ OK ] > Checking local machine hostname ... [ OK ] > Checking SELinux setup ... WARNING: We detected that your SELinux is not > configured in permissive. to make sure cloudstack won't block by SELinux > after system reboot, we strongly suggest you setting it in permissive in > /etc/selinux/config, then reboot the machine. > [ OK ] > Preparing /etc/cloudstack/management/db.properties [ OK ] > Applying /usr/share/cloudstack-management/setup/create-database.sql [ OK ] > Applying /usr/share/cloudstack-management/setup/create-schema.sql [ OK ] > Applying /usr/share/cloudstack-management/setup/create-database-premium.sql [ > OK ] > Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql [ > OK ] > Applying /usr/share/cloudstack-management/setup/server-setup.sql [ OK ] > Applying /usr/share/cloudstack-management/setup/templates.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_db.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_schema.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_index.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart_alter.sql [ > OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_bucketpolicy.sql [ OK > ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_policy_alter.sql [ OK > ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering.sql [ OK ] > Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering_alter.sql [ > OK ] > Processing encryption ... Traceback (most recent call last): > File "/usr/bin/cloudstack-setup-databases", line 607, in <module> > o.run() > File "/usr/bin/cloudstack-setup-databases", line 596, in run > self.processEncryptionStuff() > File "/usr/bin/cloudstack-setup-databases", line 433, in > processEncryptionStuff > encryptDBSecretKey() > File "/usr/bin/cloudstack-setup-databases", line 417, in encryptDBSecretKey > self.putDbProperty('db.cloud.encrypt.secret', > formatEncryptResult(encrypt(self.dbsecretkey))) > File "/usr/bin/cloudstack-setup-databases", line 407, in encrypt > return runCmd(cmd).strip('\n') > File "/usr/bin/cloudstack-setup-databases", line 51, in runCmd > raise Exception(stderr) > Exception: /bin/sh: Cugasdfsdf: No such file or directory > Looks like this is caused by no escaping at line 406 in > cloudstack-setup-databases. -- This message was sent by Atlassian JIRA (v6.1#6144)