[AMBARI-20825] check_ambari_permissions.py does not run for all the files and directories listed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: trunk, 2.5.0, 2.4.2
Fix Version/s: trunk, 2.5.0
Component/s: None
Labels:
None

Description

ambari-server/src/main/resources/scripts/check_ambari_permissions.py script introduced in branch 2.5.0 and published here (https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.0) to solve Public Vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2017-5642
only works partially.
There is a bug and it will only handle the last directory/file when there are multiple directories/files listed.
So the vulnerability is not totally resolved.
For example files under /etc/ambari-server/conf/ ~~such as ambari.properties~~ are not revised

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-20825.patch
21/Apr/17 23:43
3 kB
Juanjo Marron

Issue Links

links to

Activity

People

Assignee:: Juanjo Marron

Reporter:: Juanjo Marron

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Apr/17 23:04

Updated:: 04/May/17 01:48

Resolved:: 04/May/17 01:48