cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Animesh Chaturvedi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-4886) cloud-setup-databases not escaping password in shell commands
Date Thu, 07 Nov 2013 22:27:48 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-4886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Animesh Chaturvedi updated CLOUDSTACK-4886:
-------------------------------------------


BULK EDIT> These issues are open to be picked up. Help in resolution is appreciated.

> cloud-setup-databases not escaping password in shell commands
> -------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4886
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4886
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.0
>            Reporter: John Kinsella
>             Fix For: 4.3.0
>
>
> When initializing a new ACS database, the database key is not being properly escaped
when passed back to shell commands. I haven't tested the other keys passed into this command,
yet.
> (Passwords below are not real, but the < character and resulting error is what was
encountered)
> root@acsmgmt01 ACS# cloudstack-setup-databases cloud:jpiasfadf324234jcW@localhost --deploy-as=root:lkjeroiuwer
-e file -m 'asdflkjasdflkjwer' -k 'sfsd<Cugasdfsdf' -i 10.100.10.10
> Mysql user name:cloud [ OK ]
> Mysql user password:jpiasfadf324234jcW [ OK ]
> Mysql server ip:localhost [ OK ]
> Mysql server port:3306 [ OK ]
> Mysql root user name:root [ OK ]
> Mysql root user password:lkjeroiuwer [ OK ]
> Using specified cluster management server node IP 10.100.10.10 [ OK ]
> Checking Cloud database files ... [ OK ]
> Checking local machine hostname ... [ OK ]
> Checking SELinux setup ... WARNING: We detected that your SELinux is not configured in
permissive. to make sure cloudstack won't block by SELinux after system reboot, we strongly
suggest you setting it in permissive in /etc/selinux/config, then reboot the machine.
> [ OK ]
> Preparing /etc/cloudstack/management/db.properties [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-database.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-schema.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-database-premium.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/server-setup.sql [ OK ]
> Applying /usr/share/cloudstack-management/setup/templates.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_db.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_schema.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_index.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart_alter.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_bucketpolicy.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_policy_alter.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering.sql [ OK ]
> Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering_alter.sql [ OK ]
> Processing encryption ... Traceback (most recent call last):
> File "/usr/bin/cloudstack-setup-databases", line 607, in <module>
> o.run()
> File "/usr/bin/cloudstack-setup-databases", line 596, in run
> self.processEncryptionStuff()
> File "/usr/bin/cloudstack-setup-databases", line 433, in processEncryptionStuff
> encryptDBSecretKey()
> File "/usr/bin/cloudstack-setup-databases", line 417, in encryptDBSecretKey
> self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
> File "/usr/bin/cloudstack-setup-databases", line 407, in encrypt
> return runCmd(cmd).strip('\n')
> File "/usr/bin/cloudstack-setup-databases", line 51, in runCmd
> raise Exception(stderr)
> Exception: /bin/sh: Cugasdfsdf: No such file or directory
> Looks like this is caused by no escaping at line 406 in cloudstack-setup-databases.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message