| Summary: | Guests built for VMware allow ssh as root with default password | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Matt Wagner <matt.wagner> | ||||
| Component: | imagefactory | Assignee: | Ian McLeod <imcleod> | ||||
| Status: | CLOSED ERRATA | QA Contact: | wes hayutin <whayutin> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 1.0.0 | CC: | akarol, athomas, clalance, dajohnso, deltacloud-maint, jrd, ssachdev | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 719377 (view as bug list) | Environment: | |||||
| Last Closed: | 2012-05-15 20:08:05 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
Description
Matt Wagner
2011-07-01 13:57:25 UTC
So the thing is that Oz already has the ability to set the root password at build time, via the <rootpw> tag (see the RelaxNG schema for the right placement). I'm thinking that we should "enforce" this tag at the imagefactory level by not accepting builds unless they have this tag set. That will at least make sure that builds coming from the factory aren't insecure by default.

Chris Lalancette

sounds like a doc issue for beta release notes

making sure all the bugs are at the right version for future queries

Created attachment 532113
ss - blank passwd
screen shot of blank passwd in template description.
I'm assuming that is ok
[root@qeblade30 ~]# rpm -qa | grep imagefactory
rubygem-imagefactory-console-0.5.0-4.20110824113238gitd9debef.el6.noarch
imagefactory-jeosconf-ec2-rhel-0.8.0-1.el6.noarch
imagefactory-jeosconf-ec2-fedora-0.8.0-1.el6.noarch
imagefactory-0.8.0-1.el6.noarch
[root@qeblade30 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0588.html
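
The enforcement proposed in the comments above (refuse a build unless the template sets <rootpw>, and treat the blank value from the screenshot as unset), written out as an added example; it is not code from imagefactory or Oz. It assumes <rootpw> sits under <os> in the template, and the function names, deny list and sample templates are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: <rootpw> is a child of <os> under the <template> root; the
# page defers to the Oz RelaxNG schema for the authoritative placement.
ROOTPW_PATH = "os/rootpw"

# Constructed deny list, not taken from Oz or imagefactory.
WEAK_PASSWORDS = frozenset({"password", "changeme", "root"})


class TemplateRejected(ValueError):
    """Raised when a template must not be handed to the builder."""


def require_rootpw(template_xml, weak=WEAK_PASSWORDS):
    """Return the root password a template sets, or raise TemplateRejected."""
    try:
        root = ET.fromstring(template_xml)
    except ET.ParseError as exc:
        raise TemplateRejected("template is not well-formed XML: %s" % exc)
    if root.tag != "template":
        raise TemplateRejected("root element is <%s>, expected <template>" % root.tag)
    matches = root.findall(ROOTPW_PATH)
    if len(matches) != 1:
        raise TemplateRejected("expected exactly one <rootpw>, found %d" % len(matches))
    password = (matches[0].text or "").strip()
    if not password:
        raise TemplateRejected("<rootpw> is present but blank")
    if password.lower() in weak:
        raise TemplateRejected("<rootpw> is a well-known default")
    return password


# Constructed sample templates (hypothetical names and values).
GOOD = "<template><name>t1</name><os><name>Fedora</name><rootpw>Xq7-rv2-Lm9</rootpw></os></template>"
MISSING = "<template><name>t2</name><os><name>Fedora</name></os></template>"
BLANK = "<template><name>t3</name><os><name>Fedora</name><rootpw> </rootpw></os></template>"


def check(template_xml):
    """Return 'accepted' or the rejection reason, never the password itself."""
    try:
        require_rootpw(template_xml)
        return "accepted"
    except TemplateRejected as exc:
        return str(exc)


if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("missing", MISSING), ("blank", BLANK)):
        print(label, "->", check(doc))
```

A gate like this belongs in front of the build request, so a template without a usable <rootpw> is refused before any image is produced.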