osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1750074] Re: Cinder logs rabbitmq password on connection log


Reviewed:  https://review.openstack.org/548891
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=9ba486370b00e131086162265c4a0e7dd85bf8ec
Submitter: Zuul
Branch:    stable/ocata

commit 9ba486370b00e131086162265c4a0e7dd85bf8ec
Author: Eric Harney <eharney at redhat.com>
Date:   Wed Feb 21 14:27:11 2018 -0500

    Log config options with oslo.config
    
    This removes some custom Cinder code which
    handles filtering secret config options in a flaky way.
    
    Filtering will now be based on the "secret=True" option
    flag.
    
    Related-Bug: #1750074
    Change-Id: I1c404b057d1471c85bd7eaf5c096f5912293460a
    (cherry picked from commit 7d278042c5280e40d5ed68f504f45ef023f05e18)
    (cherry picked from commit 4bc52eb7ba35da9005c7d28c341b0ce408216572)


** Tags added: in-stable-ocata

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1750074

Title:
  Cinder logs rabbitmq password on connection log

Status in Cinder:
  Fix Released
Status in Manila:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Cinder may log rabbitmq password on connection when DEBUG is on.

  Example on cinder-scheduler.log file after enabling DEBUG:
  (Password has been replaced with XXX)

  2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-
  14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url :
  rabbit://guest:XXX at 10.10.10.1:5672,guest:XXX at 10.10.10.2:5672,guest:XXX at 10.10.10.3:5672
  wait /usr/lib/python2.7/site-packages/cinder/service.py:611

  In a production environment, this is pretty bad.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1750074/+subscriptions