Re: Review Request 58671: check_ambari_permissions.py does not run for all the files and directories listed

Juanjo Marron Mon, 24 Apr 2017 09:37:05 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58671/
-----------------------------------------------------------


(Updated April 24, 2017, 4:36 p.m.)


Review request for Ambari, Alejandro Fernandez, Aravindan Vijayan, Di Li, and 
Vitalyi Brodetskyi.


Bugs: AMBARI-20825
    https://issues.apache.org/jira/browse/AMBARI-20825


Repository: ambari


Description (updated)
-------

ambari-server/src/main/resources/scripts/check_ambari_permissions.py script 
introduced in branch 2.5.0 and published here 
(https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0)
 to solve Public Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2017-5642 works only partially. 
There is a bug and it only handles the last directory/file when there are 
multiple directories/files listed.
So the vulnerability is not totally resolved. 
For example files under /etc/ambari-server/conf/ such as ambari.properties are 
not revised


Diffs
-----

  ambari-server/src/main/resources/scripts/check_ambari_permissions.py 638f65f 


Diff: https://reviews.apache.org/r/58671/diff/1/


Testing
-------

Manual testing on a 2.4.2 cluster with permission issues


Thanks,

Juanjo  Marron

Re: Review Request 58671: check_ambari_permissions.py does not run for all the files and directories listed

Reply via email to