[Openstack-security] [Bug 1319943] Re: libvirt driver's to_xml method logs iscsi auth_password if debug
OpenStack Infra
1319943 at bugs.launchpad.net
Tue Aug 5 08:21:53 UTC 2014
Reviewed: https://review.openstack.org/99536
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=14080812961e5a2f6a7054a45d2afa013e4f3899
Submitter: Jenkins
Branch: stable/icehouse
commit 14080812961e5a2f6a7054a45d2afa013e4f3899
Author: Matt Riedemann <mriedem at us.ibm.com>
Date: Thu May 15 12:22:19 2014 -0700
Mask block_device_info auth_password in virt driver debug logs
The block_device_info object can have an auth_password key which is
getting logged at debug level in several virt drivers so we need to
sanitize the message getting logged.
Adds tests to ensure the logged messages are properly sanitized.
Note that bug 1321785 was opened to track the long-term design issues
with storing the password in the block_device_info dict since this can
crop up elsewhere if it's logged. The immediate fix here is to mask
what's already exposed.
Closes-Bug: #1319943
(cherry picked from commit 5dda3a6ab2becb5dd0b58c088f6daad807e12276)
Conflicts:
nova/tests/virt/libvirt/test_libvirt.py
nova/tests/virt/vmwareapi/test_vmops.py
Change-Id: I0eae07ce3f0f39861eb97ec3dec44895386c7d04
** Changed in: nova/icehouse
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1319943
Title:
libvirt driver's to_xml method logs iscsi auth_password if debug
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) icehouse series:
Fix Committed
Bug description:
If you have debug logging enabled the libvirt driver's to_xml method
logs the iscsi auth_password in plain text.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1319943/+subscriptions
More information about the Openstack-security
mailing list