[Openstack-security] [Bug 1750074] Related fix merged to manila (stable/pike)
Reviewed: https://review.openstack.org/549989
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=19aeba1f63f4e864eebda61bf16a078055c79cb0
Submitter: Zuul
Branch: stable/pike
commit 19aeba1f63f4e864eebda61bf16a078055c79cb0
Author: Dustin Schoenbrun <dschoenb at redhat.com>
Date: Wed Feb 21 17:02:31 2018 -0500
Log config options with oslo.config
This removes some custom code inherited from Cinder which was handling
the output of secret options in a bad way. This patch utilizes Oslo's
existing utilities to output the Manila configuration options securely.
Filtering will be done with the "secret=True" option flag.
Major thanks to Eric Harney for introducing this fix to Cinder.
Change-Id: I894e011680661c0b73b9592f70a6457e403f18c6
Related-Bug: #1750074
(cherry picked from commit 3d7909deb21a1f0be4cd6eca13dc9e8d070f71e2)
(cherry picked from commit 1949b403e9feb134d0fb2b9d65271292277351ee)
--
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1750074
Title:
Cinder logs rabbitmq password on connection log
Status in Cinder:
Fix Released
Status in Manila:
Fix Released
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
Cinder may log rabbitmq password on connection when DEBUG is on.
Example on cinder-scheduler.log file after enabling DEBUG:
(Password has been replaced with XXX)
2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url : rabbit://guest:XXX@10.10.10.1:5672,guest:XXX@10.10.10.2:5672,guest:XXX@10.10.10.3:5672 wait /usr/lib/python2.7/site-packages/cinder/service.py:611
In a production environment, this is pretty bad.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1750074/+subscriptions
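
A complementary check to the fix described in this notification, as an added example that is not part of the original message and not code from Cinder, Manila or oslo.config: a Python scanner that reports log lines holding clear-text passwords in URL-style values such as transport_url, plus a logging filter that masks them before they are written. The names redact, scan and RedactFilter, the mask string and the sample lines (with a made-up password) are assumptions constructed for illustration.

```python
import logging
import re

# Password part of "scheme://user:password@host". A transport_url can carry
# several comma-separated "user:password@host" entries, so "," is accepted
# as a prefix too.
CRED = re.compile(
    r"(?P<pre>(?:[a-z][a-z0-9+.-]*://|,)[^\s:/@,]+:)(?P<pw>[^\s@,/]+)(?=@)",
    re.IGNORECASE,
)
MASK = "****"


def redact(text):
    """Return text with every URL password replaced by MASK."""
    return CRED.sub(lambda m: m.group("pre") + MASK, text)


def scan(lines):
    """Yield (line_number, count) for lines holding unmasked URL passwords.

    The password itself is never returned, so the report is safe to share.
    """
    for number, line in enumerate(lines, start=1):
        hits = [m for m in CRED.finditer(line) if set(m.group("pw")) != {"*"}]
        if hits:
            yield number, len(hits)


class RedactFilter(logging.Filter):
    """Logging filter that masks URL passwords before a record is emitted."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None
        return True


# Constructed sample lines modelled on the bug report (made-up password).
SAMPLE = [
    "2018-02-05 19:21:52.721 35 DEBUG cinder.service [-] transport_url : "
    "rabbit://guest:s3cret@10.10.10.1:5672,guest:s3cret@10.10.10.2:5672",
    "2018-02-05 19:21:52.722 35 DEBUG cinder.service [-] debug : True",
    "2018-02-05 19:21:52.723 35 DEBUG cinder.service [-] transport_url : ****",
]

if __name__ == "__main__":
    for number, count in scan(SAMPLE):
        print(f"line {number}: {count} credential(s) in clear text")
```

Any password that scan reports in logs written before the fix was deployed should be treated as exposed and rotated.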