ambari-issues mailing list archives

From "Yusaku Sako (JIRA)" <j...@apache.org>
Subject [jira] [Deleted] (AMBARI-17172) Kadmin operations can leak the admin password in ps output
Date Fri, 10 Jun 2016 18:26:21 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-17172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yusaku Sako deleted AMBARI-17172:
---------------------------------


> Kadmin operations can leak the admin password in ps output
> ----------------------------------------------------------
>
>                 Key: AMBARI-17172
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17172
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>
> add_principal operations pass the password in the command line, so users on the system can run {{ps aux | grep kadmin}} and be able to see the admin user's password in ps output. This can turn into a security issue that would allow non-privileged users to obtain this password and use it to escalate their privileges.
> We need to find a way to prevent passing this password as a CLI option.
> *Solution*
> Pass the admin and user passwords to {{kadmin}} via the process's STDIN channel rather than via the command line.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
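
The approach named under *Solution* in the issue, as an added example that is not Ambari's code: a parent process hands two passwords to a child over STDIN and confirms that the command line other local users can read holds neither. The child is a constructed Python stand-in for kadmin; the function names, the one-secret-per-line framing and the sample passwords are assumptions made for the example.

```python
import subprocess
import sys

# Constructed stand-in for kadmin: reads two secrets from STDIN, one per
# line, and prints only their lengths so nothing sensitive is echoed back.
CHILD = (
    "import sys\n"
    "admin = sys.stdin.readline().rstrip('\\n')\n"
    "user = sys.stdin.readline().rstrip('\\n')\n"
    "print(len(admin), len(user))\n"
)


def visible_cmdline(pid, argv):
    """Return the command line other local users can read for pid."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:  # what ps reads on Linux
            return fh.read().decode(errors="replace").replace("\0", " ")
    except OSError:
        return " ".join(argv)  # no procfs: fall back to the argv we passed


def run_with_stdin_secrets(admin_password, user_password):
    """Run the child with both passwords on STDIN; return (cmdline, output)."""
    secrets = [admin_password, user_password]
    if any("\n" in s or not s for s in secrets):
        raise ValueError("empty or multi-line secret would corrupt the STDIN framing")
    argv = [sys.executable, "-c", CHILD]  # no secret is ever placed here
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, text=True)
    # The child is blocked on readline(), so this is the window ps would sample.
    cmdline = visible_cmdline(proc.pid, argv)
    out, err = proc.communicate("\n".join(secrets) + "\n", timeout=10)
    if proc.returncode != 0:
        raise RuntimeError("child failed: " + err.strip())
    if any(s in cmdline for s in secrets):
        raise RuntimeError("secret visible in process command line")
    return cmdline, out.strip()


if __name__ == "__main__":
    line, result = run_with_stdin_secrets("constructed-admin-pw", "constructed-user-pw")
    print("visible to ps:", line)
    print("child saw lengths:", result)
```

The same argv check can be kept as a regression test around any code path that launches a credentialed child process.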
