ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-20018. Document security issue related to setting security.agent.hostname.validate to false (rlevas)
Date Wed, 15 Feb 2017 16:39:25 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 cb59ebdf7 -> 8b5883316


AMBARI-20018. Document security issue related to setting security.agent.hostname.validate
to false (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8b588331
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8b588331
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8b588331

Branch: refs/heads/branch-2.5
Commit: 8b5883316f0e1348548e3a2cfcafa0c2a6d21048
Parents: cb59ebd
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Wed Feb 15 11:21:05 2017 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed Feb 15 11:21:05 2017 -0500

----------------------------------------------------------------------
 ambari-server/docs/configuration/index.md                          | 2 +-
 .../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8b588331/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index 34dafc2..e0a01dc 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -166,7 +166,7 @@ The following are the properties which can be used to configure Ambari.
 | repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu repositories.
|`/dists/%s/Release` | 
 | resources.dir | The location on the Ambari Server where all resources exist, including
common services, stacks, and scripts. |`/var/lib/ambari-server/resources/` | 
 | rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages which will
be skipped during a stack upgrade. | | 
-| security.agent.hostname.validate | Determines whether the Ambari Agent host names should
be validated against a regular expression to ensure that they are well-formed. |`true` | 
+| security.agent.hostname.validate | Determines whether the Ambari Agent host names should
be validated against a regular expression to ensure that they are well-formed.<br><br>WARNING:
By setting this value to false, host names will not be validated, allowing a possible security
vulnerability as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
for more information.|`true` | 
 | security.master.key.location | The location on the Ambari Server of the master key file.
This is the key to the master keystore. | | 
 | security.master.keystore.location | The location on the Ambari Server of the master keystore
file. | | 
 | security.server.cert_name | The name of the file located in the `security.server.keys_dir`
directory where certificates will be generated when Ambari uses the `openssl ca` command.
|`ca.crt` | 

http://git-wip-us.apache.org/repos/asf/ambari/blob/8b588331/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 267aa14..e414aa1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -506,7 +506,7 @@ public class Configuration {
    * Determines whether the Ambari Agent host names should be validated against
    * a regular expression to ensure that they are well-formed.
    */
-  @Markdown(description = "Determines whether the Ambari Agent host names should be validated
against a regular expression to ensure that they are well-formed.")
+  @Markdown(description = "Determines whether the Ambari Agent host names should be validated
against a regular expression to ensure that they are well-formed.<br><br>WARNING:
By setting this value to false, host names will not be validated, allowing a possible security
vulnerability as described in CVE-2014-3582. See https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities
for more information.")
   public static final ConfigurationProperty<String> SRVR_AGENT_HOSTNAME_VALIDATE =
new ConfigurationProperty<>(
       "security.agent.hostname.validate", "true");
 


Mime
View raw message