[Openstack-security] [Bug 1319943] Re: libvirt driver's to_xml method logs iscsi auth_password if debug

OpenStack Infra 1319943 at bugs.launchpad.net
Tue May 27 17:43:10 UTC 2014 

Reviewed:  https://review.openstack.org/93787
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=5dda3a6ab2becb5dd0b58c088f6daad807e12276
Submitter: Jenkins
Branch:    master

commit 5dda3a6ab2becb5dd0b58c088f6daad807e12276
Author: Matt Riedemann <mriedem at us.ibm.com>
Date:   Thu May 15 12:22:19 2014 -0700

    Mask block_device_info auth_password in virt driver debug logs
    
    The block_device_info object can have an auth_password key which is
    getting logged at debug level in several virt drivers so we need to
    sanitize the message getting logged.
    
    Adds tests to ensure the logged messages are properly sanitized.
    
    Note that bug 1321785 was opened to track the long-term design issues
    with storing the password in the block_device_info dict since this can
    crop up elsewhere if it's logged.  The immediate fix here is to mask
    what's already exposed.
    
    Closes-Bug: #1319943
    
    Change-Id: I0eae07ce3f0f39861eb97ec3dec44895386c7d04


** Changed in: nova
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1319943

Title:
  libvirt driver's to_xml method logs iscsi auth_password if debug

Status in OpenStack Compute (Nova):
  Fix Committed

Bug description:
  If you have debug logging enabled the libvirt driver's to_xml method
  logs the iscsi auth_password in plain text.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1319943/+subscriptions

More information about the Openstack-security mailing list