Bug 790402
Summary: | sosreport should blank root password in anaconda plugin | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Philip Rowlands <phr> |
Component: | sos | Assignee: | Bryn M. Reeves <bmr> |
Status: | CLOSED ERRATA | QA Contact: | David Kutálek <dkutalek> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2 | CC: | agk, bmr, dkutalek, gavin, prc |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | sos-2.2-18.el6 | Doc Type: | Bug Fix |
Doc Text: |
* Previous versions of the sos anaconda module would not elide password configuration from collected kickstart configuration files
* This may lead to unintended disclosure of these password settings
* The sosreport command now applies a string substitution when collection these files to ensure passwords are obscured
* Generated reports no longer include this possibly sensitive information while still retaining important diagnostic data from the module
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 07:25:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 826884 |
Description
Philip Rowlands
2012-02-14 12:46:37 UTC
Correction: this should be fixed in both the anaconda and general plugins, which both collect /root/anaconda-ks.cfg. Alternatively take it out of general, as the anaconda plugin is enabled by default. Thanks for the suggested patch. Agreed, I don't think there's any need to collect this in the general module (generally we're trying to reduce the number of duplicated path copy specs as they potentially mask bugs). The proposed regex substitution seems fine. I'll get this posted upstream and queued for an update. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: * Previous versions of the sos anaconda module would not elide password configuration from collected kickstart configuration files * This may lead to unintended disclosure of these password settings * The sosreport command now applies a string substitution when collection these files to ensure passwords are obscured * Generated reports no longer include this possibly sensitive information while still retaining important diagnostic data from the module Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0958.html |