subject:"Re\: Review Request 41329\: Cannot save KDC admin creds"

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110137
---

Ship it!


Ship It!

- Robert Levas


On Dec. 13, 2015, 2:31 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 2:31 p.m.)
> 
> 
> Review request for Ambari, Mahadev Konar and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> .
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
>  759fd8e 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Robert Levas



> On Dec. 13, 2015, 2:29 p.m., Robert Levas wrote:
> > ambari-server/src/main/python/ambari_server/setupSecurity.py, line 745
> > 
> >
> > This will create a security issue since the master key will be visible 
> > in the environment. For example 'cat/proc/PID/environ'.
> 
> Andrew Onischuk wrote:
> Robert, 
> cat/proc/PID/environ cat be done only by user running the server. If 
> someone has access to that user he can just get the value from the file or do 
> anything else with ambari-server.
> 
> Maybe you're rt and there is a security risk to this. But the reality is 
> that all ambari-server java logic relies on reading this value from 
> environment and we change that (not sure to what) this will be really risky 
> for Ambari-2.2 I'll create a ticket so we can discuss it for the next release.
> 
> Is that ok with you, Robert?

ok.  Good point.  Let's drop this issue.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110131
---


On Dec. 13, 2015, 2:31 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 2:31 p.m.)
> 
> 
> Review request for Ambari, Mahadev Konar and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> .
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
>  759fd8e 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Mahadev Konar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110133
---

Ship it!


Ship It!

- Mahadev Konar


On Dec. 13, 2015, 7:31 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 7:31 p.m.)
> 
> 
> Review request for Ambari, Mahadev Konar and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> .
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
>  759fd8e 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Andrew Onischuk



> On Dec. 13, 2015, 7:29 p.m., Robert Levas wrote:
> > ambari-server/src/main/python/ambari_server/setupSecurity.py, line 745
> > 
> >
> > This will create a security issue since the master key will be visible 
> > in the environment. For example 'cat/proc/PID/environ'.

Robert, 
cat/proc/PID/environ cat be done only by user running the server. If someone 
has access to that user he can just get the value from the file or do anything 
else with ambari-server.

Maybe you're rt and there is a security risk to this. But the reality is that 
all ambari-server java logic relies on reading this value from environment and 
we change that (not sure to what) this will be really risky for Ambari-2.2 I'll 
create a ticket so we can discuss it for the next release.

Is that ok with you, Robert?


- Andrew


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110131
---


On Dec. 13, 2015, 7:31 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 7:31 p.m.)
> 
> 
> Review request for Ambari, Mahadev Konar and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> .
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
>  759fd8e 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110131
---



ambari-server/src/main/python/ambari_server/setupSecurity.py (line 745)


This will create a security issue since the master key will be visible in 
the environment. For example 'cat/proc/PID/environ'.


- Robert Levas


On Dec. 13, 2015, 2:29 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 2:29 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> .
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
>  759fd8e 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Andrew Onischuk


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/
---

(Updated Dec. 13, 2015, 7:29 p.m.)


Review request for Ambari and Robert Levas.


Bugs: AMBARI-14363
https://issues.apache.org/jira/browse/AMBARI-14363


Repository: ambari


Description (updated)
---

.


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
 fe14004 
  
ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
 759fd8e 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 

Diff: https://reviews.apache.org/r/41329/diff/


Testing
---

mvn clean test


Thanks,

Andrew Onischuk

Re: Review Request 41329: Cannot save KDC admin creds

2015-12-13 Thread Mahadev Konar


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41329/#review110128
---

Ship it!


Ship It!

- Mahadev Konar


On Dec. 13, 2015, 6:56 p.m., Andrew Onischuk wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41329/
> ---
> 
> (Updated Dec. 13, 2015, 6:56 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-14363
> https://issues.apache.org/jira/browse/AMBARI-14363
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
>  fe14004 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 19febcf 
> 
> Diff: https://reviews.apache.org/r/41329/diff/
> 
> 
> Testing
> ---
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

Re: Review Request 41329: Cannot save KDC admin creds

7 matches

Site Navigation

Mail list logo

Footer information