osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1761054] Re: nova log expose password when swapvolume


Reviewed:  https://review.openstack.org/561850
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=978066fe31a5331f143a05e1fd753c729b2dcf09
Submitter: Zuul
Branch:    stable/pike

commit 978066fe31a5331f143a05e1fd753c729b2dcf09
Author: jichenjc <jichenjc at cn.ibm.com>
Date:   Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log
    
    per bug indicated, the password is shown in the log.
    
    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.
    
    Conflicts:
            nova/compute/manager.py
    
    NOTE(lyarwood): Conflicts caused by Ica323b87fa85a454fca9d46ada3677f18fe50022
    and Ifc01dbf98545104c998ab96f65ff8623a6db0f28 not being present in Pike.
    Additionally If12e7860baad2899380f06144a0270784a5466b8 was not present
    in Queens but landed in Pike and Ocata as a stable only change.
    
    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
    (cherry picked from commit 1b61d6c08c7c86834acab45320230824b88d529c)
    (cherry picked from commit df90dfd5cdf76c65b8d8a539d79e384c82c8428c)


** Tags added: in-stable-pike

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1761054

Title:
  nova log expose password when swapvolume

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  http://logs.openstack.org/50/557150/6/check/tempest-
  full/1f9c9f2/controller/logs/screen-n-cpu.txt.gz#_Mar_30_08_37_13_371323

  u'auth_password': u'8KigD3KKykJkJixs', u'auth_username':
  u'6m4wAHCZVqFfTQaF4eZu',

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1761054/+subscriptions