[Openstack-security] [Bug 1320028] Fix merged to nova (master)

OpenStack Infra 1320028 at bugs.launchpad.net
Fri Jun 27 21:39:25 UTC 2014 

Reviewed:  https://review.openstack.org/102594
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=eb7b63d79d28581a7dd23645488de323b99f8463
Submitter: Jenkins
Branch:    master

commit eb7b63d79d28581a7dd23645488de323b99f8463
Author: Matt Riedemann <mriedem at us.ibm.com>
Date:   Wed Jun 25 09:20:25 2014 -0700

    Sync log and processutils from oslo
    
    This is mainly to pick up two changes in processutils:
    
    85f1784 Move nova.utils.cpu_count() to processutils module
    cdcc19c Mask passwords that are included in commands
    
    Commit cdcc19c touches the log module so when copying processutils over
    we also copy log, otherwise no other dependencies are copied.  Going
    through the commit history on both and the diff from nova, there are no
    other commits sync'ed over that require changes to other dependent
    modules.
    
    Commit 85f1784 is targeted so we can remove the redundant code from
    nova.utils.
    
    Changes:
    
    processutils
    ------------
    85f1784 Move nova.utils.cpu_count() to processutils module
    cdcc19c Mask passwords that are included in commands
    8a0f567 Remove str() from LOG.* and exceptions
    51778f9 Allow passing environment variables to execute()
    
    log
    ---
    109e325 Use oslo.messaging to publish log errors
    de4adbc pep8: fixed multiple violations
    eac71f5 Fix common.log.ContextFormatter for Python 3
    d78b633 Fixes a simple spelling mistake
    621d831 always log a traceback in the sys.excepthook
    90ae24b Remove redundant default=None for config options
    af36c2a Fix logging setup for Python 3.4
    cdcc19c Mask passwords that are included in commands
    
    Partial-Bug: #1320028
    Related-Bug: #1333370
    
    Change-Id: I8d12661782e8ad065b01aa582e42c142cc2f4076

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320028

Title:
  libvirt volume.py's _run_iscsiadm function logs iscsi
  node.session.auth.password if debug

Status in OpenStack Compute (Nova):
  In Progress
Status in Oslo - a Library of Common OpenStack Code:
  Fix Committed

Bug description:
  If debug logging is enabled, the  _run_iscsiadm function in volume.py
  logs the iscsi node.session.auth.password in plain text.

  2014-05-13 08:12:21.915 29013 DEBUG nova.virt.libvirt.volume [req-
  d21bb680-feb9-4242-9d18-057af79d26e8 0
  3112d0d7268b458bb5c997c33cd8a8c0] iscsiadm ('--op', 'update', '-n',
  'node.session.auth.password', '-v', u'password'): stdout= stderr=
  _run_iscsiadm /usr/lib/python2.7/site-
  packages/nova/virt/libvirt/volume.py:248

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1320028/+subscriptions

More information about the Openstack-security mailing list