1390343 – trace args debug logging must be more restrictive

Bug 1390343 - trace args debug logging must be more restrictive

Summary: trace args debug logging must be more restrictive

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	All
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Noriko Hosoi
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:	1387771
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-31 18:23 UTC by Tom Lavigne
Modified:	2020-09-13 21:52 UTC (History)
CC List:	11 users (show)
Fixed In Version:	389-ds-base-1.3.5.10-12.el7_3
Doc Type:	Bug Fix
Doc Text:	Previously, when the "Trace function calls" option was enabled in the "nsslapd-errorlog-level" parameter, all attributes were logged into the Directory Server's error log file including attributes containing sensitive information. A patch has been applied to filter out values of sensitive attributes. As a result, sensitive information are no longer written to the log files.
Clone Of:	1387771
Environment:
Last Closed:	2016-12-06 17:04:25 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 2068	0	None	None	None	2020-09-13 21:52:14 UTC
Red Hat Product Errata	RHBA-2016:2879	0	normal	SHIPPED_LIVE	389-ds-base bug fix update	2016-12-06 22:00:22 UTC

Description Tom Lavigne 2016-10-31 18:23:41 UTC

This bug has been copied from bug #1387771 and has been proposed
to be backported to 7.3 z-stream (EUS).

Comment 4 Simon Pichugin 2016-11-10 13:54:49 UTC

Ludwig, can you please clarify the verification steps?

Comment 10 Marc Muehlfeld 2016-11-14 12:54:08 UTC

Noriko, can you please review my draft for the Erratum problem description in the Doc Text field? Thanks.

Comment 11 Ludwig 2016-11-14 12:59:58 UTC

as Simon found, the attribute name us still logged, which is not critical. But I would change taht part of the doc text to: 
"A patch has been applied to filter out values of sensitive attributes"

Comment 12 Noriko Hosoi 2016-11-14 19:29:26 UTC

(In reply to Marc Muehlfeld from comment #10)
> Noriko, can you please review my draft for the Erratum problem description
> in the Doc Text field? Thanks.

Thanks reviewing the doc, Ludwig.

Marc, could you please apply Ludwig's suggestion?  Thanks!

Comment 14 errata-xmlrpc 2016-12-06 17:04:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2879.html

Note You need to log in before you can comment on or make changes to this bug.