| Summary: | imagefactory does not redact all sensitive information from logs | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Brad P. Crochet <brad> |
| Component: | imagefactory | Assignee: | Ian McLeod <imcleod> |
| Status: | CLOSED DUPLICATE | QA Contact: | Martin Kočí <mkoci> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.0.0 | CC: | akarol, brad, dajohnso, deltacloud-maint, dgao, ftaylor, hbrock, jrd, ssachdev, whayutin |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-07 19:26:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Are the logs accessable to non-root or non-admin users? If not, it's not clear to me that this needs to be fixed for 1.0. If so, then we probably should. Wes/Hugh, opinions on that point? Ian, difficulty assessment? [root@qeblade33 log]# ls -l imagefactory.log -rw-rw-rw-. 1 root root 30755 Feb 22 14:48 imagefactory.log The log needs to be locked down by default (will open a separate issue for that) and/or the info should be redacted. Ideally, both. Ian, is this an easy fix? If so let's fix it (set dev_ack please), if not please move to 1.1.0 and fix the log file permissions. The log issue was reported again (and fixed) here: https://bugzilla.redhat.com/show_bug.cgi?id=796417 The passwords in the log are actually the result of adding unused and unnecessary fields to the JSON config file. That is being tracked (and again, seems to be fixed) here: https://bugzilla.redhat.com/show_bug.cgi?id=795935 Since the password issue was the original bug reported here, I'll mark this one a dupe of 795935 *** This bug has been marked as a duplicate of bug 795935 *** |
There are still some instances of log messages from imagefactory, especially when debug is on, that have sensitive information (passwords for providers, root passwords, etc) that are not redacted. A thorough review should be done of all log messages to make sure that no sensitive information is written. Example: 2012-02-17 00:16:47,919 DEBUG imgfac.builders.BaseBuilder.RHEL5_rhevm_Builder thread(97eeea56) Message: Produced provider json: { "apipass": "REDACTED", "apiurl": "https://qeblade26.rhq.lab.eng.bos.redhat.com:8443/api", "apiuser": "admin@internal", "cluster": "_any_", "image": "/tmp/97eeea56-ff71-437e-bc57-b298064293fd", "name": "rhevm", "nfsdir": "/mnt/rhevm-nfs", "nfshost": "qeblade26.rhq.lab.eng.bos.redhat.com", "nfspath": "/home/blade27_export", "password": "mypassword", "target": "rhevm", "timeout": 1800, "username": "admin@internal" } In this case, the apipass is redacted, but the password later on is not. I will add more examples as I find them.