[Openstack-security] [Bug 1320028] Re: libvirt volume.py's _run_iscsiadm function logs iscsi node.session.auth.password if debug
OpenStack Infra
1320028 at bugs.launchpad.net
Tue May 20 19:36:05 UTC 2014
Reviewed: https://review.openstack.org/94109
Committed: https://git.openstack.org/cgit/openstack/oslo-incubator/commit/?id=cdcc19c1d78a4a88daabfb64b27abd4924aa442d
Submitter: Jenkins
Branch: master
commit cdcc19c1d78a4a88daabfb64b27abd4924aa442d
Author: Brad Pokorny <bpokorny at us.ibm.com>
Date: Sun May 18 18:26:33 2014 +0000
Mask passwords that are included in commands
The current password masking doesn't scrub passwords from commands
that may be written to log files. This commit adds support for
scrubbing passwords provided as options with commands.
Adds tests to ensure commands are properly sanitized.
Change-Id: I37b9a80142ec5dcadb731332d8c5f494bdc7bfc1
Closes-Bug: #1320028
** Changed in: oslo
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320028
Title:
libvirt volume.py's _run_iscsiadm function logs iscsi
node.session.auth.password if debug
Status in OpenStack Compute (Nova):
In Progress
Status in Oslo - a Library of Common OpenStack Code:
Fix Committed
Bug description:
If debug logging is enabled, the _run_iscsiadm function in volume.py
logs the iscsi node.session.auth.password in plain text.
2014-05-13 08:12:21.915 29013 DEBUG nova.virt.libvirt.volume [req-
d21bb680-feb9-4242-9d18-057af79d26e8 0
3112d0d7268b458bb5c997c33cd8a8c0] iscsiadm ('--op', 'update', '-n',
'node.session.auth.password', '-v', u'password'): stdout= stderr=
_run_iscsiadm /usr/lib/python2.7/site-
packages/nova/virt/libvirt/volume.py:248
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1320028/+subscriptions
More information about the Openstack-security
mailing list