Bug 794739 - imagefactory does not redact all sensitive information from logs
Summary: imagefactory does not redact all sensitive information from logs
Keywords:
Status: CLOSED DUPLICATE of bug 795935
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: imagefactory
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
Assignee: Ian McLeod
QA Contact: Martin Kočí
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-17 13:55 UTC by Brad P. Crochet
Modified: 2012-03-07 19:26 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-07 19:26:09 UTC


Attachments (Terms of Use)

Description Brad P. Crochet 2012-02-17 13:55:03 UTC
There are still some instances of log messages from imagefactory, especially when debug is on, that have sensitive information (passwords for providers, root passwords, etc) that are not redacted. A thorough review should be done of all log messages to make sure that no sensitive information is written.

Example:

2012-02-17 00:16:47,919 DEBUG imgfac.builders.BaseBuilder.RHEL5_rhevm_Builder thread(97eeea56) Message: Produced provider json: 
{
    "apipass": "REDACTED", 
    "apiurl": "https://qeblade26.rhq.lab.eng.bos.redhat.com:8443/api", 
    "apiuser": "admin@internal", 
    "cluster": "_any_", 
    "image": "/tmp/97eeea56-ff71-437e-bc57-b298064293fd", 
    "name": "rhevm", 
    "nfsdir": "/mnt/rhevm-nfs", 
    "nfshost": "qeblade26.rhq.lab.eng.bos.redhat.com", 
    "nfspath": "/home/blade27_export", 
    "password": "mypassword", 
    "target": "rhevm", 
    "timeout": 1800, 
    "username": "admin@internal"
}


In this case, the apipass is redacted, but the password later on is not.

I will add more examples as I find them.

Comment 1 jrd 2012-02-21 15:02:22 UTC
Are the logs accessable to non-root or non-admin users?  If not, it's not clear to me that this needs to be fixed for 1.0.  If so, then we probably should.  Wes/Hugh, opinions on that point?

Ian, difficulty assessment?

Comment 2 Brad P. Crochet 2012-02-22 20:32:05 UTC
[root@qeblade33 log]# ls -l imagefactory.log 
-rw-rw-rw-. 1 root root 30755 Feb 22 14:48 imagefactory.log

The log needs to be locked down by default (will open a separate issue for that) and/or the info should be redacted. Ideally, both.

Comment 3 Hugh Brock 2012-02-27 17:12:35 UTC
Ian, is this an easy fix? If so let's fix it (set dev_ack please), if not please move to 1.1.0 and fix the log file permissions.

Comment 4 Ian McLeod 2012-03-07 19:26:09 UTC
The log issue was reported again (and fixed) here:

https://bugzilla.redhat.com/show_bug.cgi?id=796417

The passwords in the log are actually the result of adding unused and unnecessary fields to the JSON config file.  That is being tracked (and again, seems to be fixed) here:

https://bugzilla.redhat.com/show_bug.cgi?id=795935

Since the password issue was the original bug reported here, I'll mark this one a dupe of 795935

*** This bug has been marked as a duplicate of bug 795935 ***


Note You need to log in before you can comment on or make changes to this bug.