John Kinsella created CLOUDSTACK-4886:
-----------------------------------------

             Summary: cloud-setup-databases not escaping password in shell commands
                 Key: CLOUDSTACK-4886
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4886
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
    Affects Versions: 4.2.0
            Reporter: John Kinsella
             Fix For: 4.2.1


When initializing a new ACS database, the database key is not being properly 
escaped when passed back to shell commands. I haven't tested the other keys 
passed into this command, yet.

(Passwords below are not real, but the < character and resulting error are what 
was encountered)

root@acsmgmt01 ACS# cloudstack-setup-databases cloud:jpiasfadf324234jcW@localhost --deploy-as=root:lkjeroiuwer -e file -m 'asdflkjasdflkjwer' -k 'sfsd<Cugasdfsdf' -i 10.100.10.10
Mysql user name:cloud [ OK ]
Mysql user password:jpiasfadf324234jcW [ OK ]
Mysql server ip:localhost [ OK ]
Mysql server port:3306 [ OK ]
Mysql root user name:root [ OK ]
Mysql root user password:lkjeroiuwer [ OK ]
Using specified cluster management server node IP 10.100.10.10 [ OK ]
Checking Cloud database files ... [ OK ]
Checking local machine hostname ... [ OK ]
Checking SELinux setup ... WARNING: We detected that your SELinux is not configured in permissive. to make sure cloudstack won't block by SELinux after system reboot, we strongly suggest you setting it in permissive in /etc/selinux/config, then reboot the machine.
[ OK ]
Preparing /etc/cloudstack/management/db.properties [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-database-premium.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/create-schema-premium.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/server-setup.sql [ OK ]
Applying /usr/share/cloudstack-management/setup/templates.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_db.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_schema.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_index.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_multipart_alter.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_bucketpolicy.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_policy_alter.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering.sql [ OK ]
Applying /usr/share/cloudstack-bridge/setup/cloudbridge_offering_alter.sql [ OK ]
Processing encryption ... Traceback (most recent call last):
File "/usr/bin/cloudstack-setup-databases", line 607, in <module>
o.run()
File "/usr/bin/cloudstack-setup-databases", line 596, in run
self.processEncryptionStuff()
File "/usr/bin/cloudstack-setup-databases", line 433, in processEncryptionStuff
encryptDBSecretKey()
File "/usr/bin/cloudstack-setup-databases", line 417, in encryptDBSecretKey
self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
File "/usr/bin/cloudstack-setup-databases", line 407, in encrypt
return runCmd(cmd).strip('\n')
File "/usr/bin/cloudstack-setup-databases", line 51, in runCmd
raise Exception(stderr)
Exception: /bin/sh: Cugasdfsdf: No such file or directory

Looks like this is caused by no escaping at line 406 in 
cloudstack-setup-databases.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
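
Added example, not part of the original report or of the CloudStack source: a minimal Python reproduction of the failure class described above, next to two corrected forms. The code at line 406 is not shown in the report, so `printf` stands in for the real encryption command, and the function names and the second sample key are hypothetical.

```python
import shlex
import subprocess
import tempfile

# Constructed sample: the fake key from the report, which contains '<'.
KEY = "sfsd<Cugasdfsdf"


def run_cmd(cmd, shell):
    """Run cmd in an empty scratch directory; return (returncode, stdout, stderr)."""
    with tempfile.TemporaryDirectory() as scratch:
        proc = subprocess.run(cmd, shell=shell, cwd=scratch,
                              capture_output=True, text=True)
    return proc.returncode, proc.stdout, proc.stderr


def encrypt_unescaped(key):
    # Before: the key is pasted into a string that /bin/sh parses, so '<'
    # becomes an input redirection from a file named after the rest of the key.
    return run_cmd("printf %s " + key, shell=True)


def encrypt_quoted(key):
    # Fix 1: keep the shell, but quote the value so it stays a single word.
    return run_cmd("printf %s " + shlex.quote(key), shell=True)


def encrypt_argv(key):
    # Fix 2: skip the shell entirely; each list element is exactly one argument.
    return run_cmd(["printf", "%s", key], shell=False)


if __name__ == "__main__":
    for fn in (encrypt_unescaped, encrypt_quoted, encrypt_argv):
        rc, out, err = fn(KEY)
        print(f"{fn.__name__}: rc={rc} stdout={out!r} stderr={err.strip()!r}")
```

The argv form is the more robust of the two fixes because no shell ever parses the secret, so no quoting rule can be missed.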
