[Openstack-security] [Bug 1320028] Re: libvirt volume.py's _run_iscsiadm function logs iscsi node.session.auth.password if debug
OpenStack Infra
1320028 at bugs.launchpad.net
Sat Jul 19 01:57:48 UTC 2014
Reviewed: https://review.openstack.org/93850
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=54458334136b284bb0c45373e7cacf5c1fa0ab99
Submitter: Jenkins
Branch: master
commit 54458334136b284bb0c45373e7cacf5c1fa0ab99
Author: Brad Pokorny <bpokorny at us.ibm.com>
Date: Fri May 16 03:59:36 2014 +0000
Mask node.session.auth.password in volume.py _run_iscsiadm debug logs
The iscsi_command object passed to _run_iscsiadm can contain passwords
that get logged at debug level, so we need to sanitize the message
getting logged.
Adds a test to ensure the logged message is properly sanitized.
Closes-Bug: #1320028
Change-Id: I33f1a5b698368504721b41e56266162a713b3ce6
** Changed in: nova
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320028
Title:
libvirt volume.py's _run_iscsiadm function logs iscsi
node.session.auth.password if debug
Status in OpenStack Compute (Nova):
Fix Committed
Status in Oslo - a Library of Common OpenStack Code:
Fix Committed
Bug description:
If debug logging is enabled, the _run_iscsiadm function in volume.py
logs the iscsi node.session.auth.password in plain text.
2014-05-13 08:12:21.915 29013 DEBUG nova.virt.libvirt.volume [req-
d21bb680-feb9-4242-9d18-057af79d26e8 0
3112d0d7268b458bb5c997c33cd8a8c0] iscsiadm ('--op', 'update', '-n',
'node.session.auth.password', '-v', u'password'): stdout= stderr=
_run_iscsiadm /usr/lib/python2.7/site-
packages/nova/virt/libvirt/volume.py:248
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1320028/+subscriptions
More information about the Openstack-security
mailing list