Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
Issue Overview
A security vulnerability has been identified where the `columnstoreAlias.sh` script is currently installed in `/etc/profile.d/`. Scripts in this directory are sourced by all users on the system upon login.
The Vulnerability
The aliases created by this script utilize direct `curl` commands to the ColumnStore API, which include the API key in the command string.
- Because these aliases are loaded globally, any unprivileged user on the system inherits these aliases.
- This allows unprivileged users to execute administrative actions (such as starting or stopping the cluster) without proper authentication or `sudo` privileges.
Reference
- Support Ticket: #224453
Acceptance Criteria
To resolve this issue, one of the following solutions must be implemented:
1. Restrict Access: Move the `columnstoreAlias.sh` script so it is only loaded for the root user (remove from global `/etc/profile.d/`).
2. Refactor Aliases: Update the alias commands to use the `mcs` command syntax (which handles auth securely) instead of using raw `curl` commands with hardcoded API keys.