Bug 1390343

Summary: trace args debug logging must be more restrictive
Product: Red Hat Enterprise Linux 7 Reporter: Tom Lavigne <tlavigne>
Component: 389-ds-baseAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.3CC: arubin, enewland, lkrispen, mkolaja, mmuehlfe, msauton, nhosoi, nkinder, rmeggins, spichugi, tlavigne
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.5.10-12.el7_3 Doc Type: Bug Fix
Doc Text:
Previously, when the "Trace function calls" option was enabled in the "nsslapd-errorlog-level" parameter, all attributes were logged into the Directory Server's error log file including attributes containing sensitive information. A patch has been applied to filter out values of sensitive attributes. As a result, sensitive information are no longer written to the log files.
 Story Points: ---
Clone Of: 1387771 Environment:
Last Closed: 2016-12-06 17:04:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1387771    
Bug Blocks:    

Description Tom Lavigne 2016-10-31 18:23:41 UTC 
This bug has been copied from bug #1387771 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 4 Simon Pichugin 2016-11-10 13:54:49 UTC 
Ludwig, can you please clarify the verification steps?
Comment 10 Marc Muehlfeld 2016-11-14 12:54:08 UTC 
Noriko, can you please review my draft for the Erratum problem description in the Doc Text field? Thanks.
Comment 11 Ludwig 2016-11-14 12:59:58 UTC 
as Simon found, the attribute name us still logged, which is not critical. But I would change taht part of the doc text to: 
"A patch has been applied to filter out values of sensitive attributes"
Comment 12 Noriko Hosoi 2016-11-14 19:29:26 UTC 
(In reply to Marc Muehlfeld from comment #10)
> Noriko, can you please review my draft for the Erratum problem description
> in the Doc Text field? Thanks.

Thanks reviewing the doc, Ludwig.

Marc, could you please apply Ludwig's suggestion?  Thanks!
Comment 14 errata-xmlrpc 2016-12-06 17:04:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2879.html