nickva commented on PR #106:
URL: https://github.com/apache/couchdb-pkg/pull/106#issuecomment-1401532175
Testing with commit 567d1c4b3d9c4baa784957110ed7690f16131cae on a Debian
Buster VM:
I see `\n` escaped properly but some control characters get through. If
users can type in `\` as one of the characters they could generate any of the
control characters.
cookie: `a b\n\t\xd#{}()[]$&^!-=+?|//c\\d\\\e\\\\f`
`-setcookie 'a b\n ^M#{}()[]$&^!-=+?|//c\d\e\\f'`
Another example:
cookie: `a\n\t\ \x\\y\\\z//w///`
`-setcookie 'a\n x\y\z//w///'`
RPM test on CentOS 7
It seems the replacement had stopped working both for the user-supplied
cookie in a variable and for the randomly generated one:
```
[root@nvcentos7 ~]# export COUCHDB_COOKIE='a b\n\t\xd#{}()[]$&^!-=+?|//c\\d\\\e\\\\f'
[root@nvcentos7 ~]# echo ${COUCHDB_COOKIE}
a b\n\t\xd#{}()[]$&^!-=+?|//c\\d\\\e\\\\f
[root@nvcentos7 ~]# rpm -i couchdb-3.3.1.1.1-1.el7.x86_64.rpm
Using defined COUCHDB_COOKIE value.
```
```
# All nodes must share the same magic cookie for distributed Erlang to work.
# Uncomment the following line and append a securely generated random value.
# -setcookie
```
For the randomly generated one:
```
[root@nvcentos7 ~]# rpm -i couchdb-3.3.1.1.1-1.el7.x86_64.rpm
Generating random cookie value.
[root@nvcentos7 ~]# grep setcookie /opt/couchdb/etc/vm.args
# -setcookie
```