[Openstack-security] [openstack/oslo-incubator] SecurityImpact review request change I2912ad7efc10b065c954fd198325305f81a8c6ec
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Jul 21 13:23:48 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/108215
Log:
commit 6aa696cba21fc2b45c940958a0569e8ed995a496
Author: Amrith Kumar <amrith at tesora.com>
Date: Sat Jul 19 19:15:48 2014 -0400
Mask any password in exception command string
Currently the command executed by processutils.execute
is included in the exception (if one is generated). This
could contain passwords and other information that could
represent a security vulnerability.
Also added a test for this, ensuring that stdout and
stderr contain the expected text, and that the password
is obscured from the command that is part of the exception.
OSSO is aware of this change.
Change-Id: I2912ad7efc10b065c954fd198325305f81a8c6ec
Closes-Bug: #1343604
SecurityImpact:
More information about the Openstack-security
mailing list