Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New --expose-secrets option plus SECRET_OUTPUT_DEV #3006

Merged
merged 4 commits into from Jun 15, 2023
Merged

New --expose-secrets option plus SECRET_OUTPUT_DEV #3006

merged 4 commits into from Jun 15, 2023

Conversation

jsmeix
Copy link
Member

@jsmeix jsmeix commented Jun 6, 2023

In sbin/rear added --expose-secrets option
and SECRET_OUTPUT_DEV

@jsmeix
New --expose-secrets option plus SECRET_OUTPUT_DEV
2277572 
In sbin/rear added --expose-secrets option
and SECRET_OUTPUT_DEV, see
#2967
@jsmeix jsmeix added enhancement Adaptions and new features critical / security / legal labels Jun 6, 2023
@jsmeix jsmeix added this to the ReaR v2.8 milestone Jun 6, 2023
@jsmeix jsmeix self-assigned this Jun 6, 2023
@jsmeix
Update _input-output-functions.sh
49e4388 
Added LogSecret function
@jsmeix
Copy link
Member Author

jsmeix commented Jun 6, 2023
edited

For a first quick test I added at the beginning of
init/default/030_update_recovery_system.sh

if { grep --Q=SECRET FOO /etc/issue ; } 2>>/dev/$SECRET_OUTPUT_DEV ; then
    Log "'grep --Q=... FOO /etc/issue' succeeded"
else
    { LogSecret "'grep --Q=SECRET FOO /etc/issue' failed with exit code $?" ; } 2>>/dev/$SECRET_OUTPUT_DEV
    Error "'grep --Q=... FOO /etc/issue' failed"
fi
Error "END"

With that I get:

# usr/sbin/rear help
ERROR: 'grep --Q=... FOO /etc/issue' failed
Use debug mode '-d' for some debug messages or debugscript mode '-D' for full debug messages with 'set -x' output
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 10:39:40.921634121 Including /root/rear.github.master/etc/rear/os.conf
2023-06-06 10:39:40.927053310 Including conf/Linux-i386.conf
2023-06-06 10:39:40.930470239 Including conf/GNU/Linux.conf
2023-06-06 10:39:42.483603709 Including conf/SUSE_LINUX.conf
2023-06-06 10:39:42.491462279 Including /root/rear.github.master/etc/rear/local.conf
2023-06-06 10:39:42.500051376 ======================
2023-06-06 10:39:42.505623913 Running 'init' stage
2023-06-06 10:39:42.509317818 ======================
2023-06-06 10:39:42.521962978 Including init/default/001_verify_config_arrays.sh
2023-06-06 10:39:42.897170714 Including init/default/005_verify_os_conf.sh
2023-06-06 10:39:42.903739112 Including init/default/010_EFISTUB_check.sh
2023-06-06 10:39:42.910867106 Including init/default/010_set_drlm_env.sh
2023-06-06 10:39:42.917733749 Including init/default/030_update_recovery_system.sh
2023-06-06 10:39:42.932570308 ERROR: 'grep --Q=... FOO /etc/issue' failed
2023-06-06 10:39:42.943469639 Exiting rear help (PID 18409) and its descendant processes ...
2023-06-06 10:39:45.991156739 rear,18409 usr/sbin/rear help
                                `-rear,19037 usr/sbin/rear help
                                    `-pstree,19038 -Aplau 18409
2023-06-06 10:39:46.058937907 Running exit tasks

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
[no output]

# usr/sbin/rear -e help
ERROR: 'grep --Q=... FOO /etc/issue' failed
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 10:40:25.837571143 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2
Use debug mode '-d' for some debug messages or debugscript mode '-D' for full debug messages with 'set -x' output
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 10:40:23.820080914 Including /root/rear.github.master/etc/rear/os.conf
2023-06-06 10:40:23.827143367 Including conf/Linux-i386.conf
2023-06-06 10:40:23.831520599 Including conf/GNU/Linux.conf
2023-06-06 10:40:25.428790063 Including conf/SUSE_LINUX.conf
2023-06-06 10:40:25.434168151 Including /root/rear.github.master/etc/rear/local.conf
2023-06-06 10:40:25.438380487 ======================
2023-06-06 10:40:25.441715924 Running 'init' stage
2023-06-06 10:40:25.445781793 ======================
2023-06-06 10:40:25.455339793 Including init/default/001_verify_config_arrays.sh
2023-06-06 10:40:25.811407644 Including init/default/005_verify_os_conf.sh
2023-06-06 10:40:25.818007982 Including init/default/010_EFISTUB_check.sh
2023-06-06 10:40:25.824585919 Including init/default/010_set_drlm_env.sh
2023-06-06 10:40:25.832158164 Including init/default/030_update_recovery_system.sh
2023-06-06 10:40:25.837571143 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2
2023-06-06 10:40:25.853775614 ERROR: 'grep --Q=... FOO /etc/issue' failed
2023-06-06 10:40:25.865643238 Exiting rear help (PID 19076) and its descendant processes ...
2023-06-06 10:40:28.914081578 rear,19076 usr/sbin/rear -e help
                                `-rear,19708 usr/sbin/rear -e help
                                    `-pstree,19709 -Aplau 19076
2023-06-06 10:40:28.943383213 Running exit tasks

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 10:46:13.196338241 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2

# usr/sbin/rear -D help
Running 'init' stage ======================
ERROR: 'grep --Q=... FOO /etc/issue' failed
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 10:41:07.679328205 Entering debugscript mode via 'set -x'.
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Exiting rear help (PID 19744) and its descendant processes ...
Running exit tasks
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
...
+ source /root/rear.github.master/usr/share/rear/init/default/030_update_recovery_system.sh
++ Error ''\''grep --Q=... FOO /etc/issue'\'' failed'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ PrintError 'ERROR: '\''grep --Q=... FOO /etc/issue'\'' failed'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ test '  2023-06-06 10:41:07.679328205 Entering debugscript mode via '\''set -x'\''.'
++ PrintError 'Some latest log messages since the last called script 030_update_recovery_system.sh:'
++ PrintError '  2023-06-06 10:41:07.679328205 Entering debugscript mode via '\''set -x'\''.'
++ test -f /dev/null
++ test 1
++ test 1
++ Log 'ERROR: '\''grep --Q=... FOO /etc/issue'\'' failed'
...

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
[no output]

# usr/sbin/rear -e -D help
Running 'init' stage ======================
ERROR: 'grep --Q=... FOO /etc/issue' failed
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 10:43:23.114764758 Entering debugscript mode via 'set -x'.
  grep: unrecognized option '--Q=SECRET'
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try 'grep --help' for more information.
  2023-06-06 10:43:23.126348711 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Exiting rear help (PID 20612) and its descendant processes ...
Running exit tasks
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
...
+ source /root/rear.github.master/usr/share/rear/init/default/030_update_recovery_system.sh
++ grep --Q=SECRET FOO /etc/issue
grep: unrecognized option '--Q=SECRET'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
++ LogSecret ''\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ test 1
++ Log ''\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ test -w /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ echo '2023-06-06 10:43:23.126348711 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
2023-06-06 10:43:23.126348711 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2
++ Error ''\''grep --Q=... FOO /etc/issue'\'' failed'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ PrintError 'ERROR: '\''grep --Q=... FOO /etc/issue'\'' failed'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ test '  2023-06-06 10:43:23.114764758 Entering debugscript mode via '\''set -x'\''.
  grep: unrecognized option '\''--Q=SECRET'\''
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try '\''grep --help'\'' for more information.
  2023-06-06 10:43:23.126348711 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ PrintError 'Some latest log messages since the last called script 030_update_recovery_system.sh:'
++ PrintError '  2023-06-06 10:43:23.114764758 Entering debugscript mode via '\''set -x'\''.
  grep: unrecognized option '\''--Q=SECRET'\''
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try '\''grep --help'\'' for more information.
  2023-06-06 10:43:23.126348711 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ test -f /dev/null
++ test 1
++ test 1
++ Log 'ERROR: '\''grep --Q=... FOO /etc/issue'\'' failed'
...

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
++ grep --Q=SECRET FOO /etc/issue
grep: unrecognized option '--Q=SECRET'
++ LogSecret ''\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ Log ''\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
++ echo '2023-06-06 10:48:31.745727366 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
2023-06-06 10:48:31.745727366 'grep --Q=SECRET FOO /etc/issue' failed with exit code 2
  grep: unrecognized option '\''--Q=SECRET'\''
  2023-06-06 10:48:31.745727366 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'
  grep: unrecognized option '\''--Q=SECRET'\''
  2023-06-06 10:48:31.745727366 '\''grep --Q=SECRET FOO /etc/issue'\'' failed with exit code 2'

@jsmeix
Copy link
Member Author

jsmeix commented Jun 6, 2023
edited

For a test when a secret command succeeded
I added at the beginning of
init/default/030_update_recovery_system.sh

if { grep --Q=SECRET FOO /etc/issue || true ; } 2>>/dev/$SECRET_OUTPUT_DEV ; then
    { LogSecret "'grep --Q=SECRET FOO /etc/issue' succeded" || Log "'grep --Q=... FOO /etc/issue' succeeded" ; } 2>>/dev/$SECRET_OUTPUT_DEV
else
    { LogSecret "'grep --Q=SECRET FOO /etc/issue' failed with exit code $?" ; } 2>>/dev/$SECRET_OUTPUT_DEV
    Error "'grep --Q=... FOO /etc/issue' failed"
fi
Error "END"

and
I modified the LogSecret function to

function LogSecret () {
    test "$EXPOSE_SECRETS" && Log "$@"
}

so the LogSecret function returns a non-zero exit code
(the exit code of test "$EXPOSE_SECRETS")
when EXPOSE_SECRETS is not set
so that one can use it like

{ LogSecret "message with SECRET" || Log "generic message" ; } 2>>/dev/$SECRET_OUTPUT_DEV

With that I get

# usr/sbin/rear help
ERROR: END
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 13:20:51.241569690 'grep --Q=... FOO /etc/issue' succeeded
Use debug mode '-d' for some debug messages or debugscript mode '-D' for full debug messages with 'set -x' output
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 13:20:49.074055476 Including /root/rear.github.master/etc/rear/os.conf
2023-06-06 13:20:49.089350470 Including conf/Linux-i386.conf
2023-06-06 13:20:49.113310625 Including conf/GNU/Linux.conf
2023-06-06 13:20:50.789315284 Including conf/SUSE_LINUX.conf
2023-06-06 13:20:50.819178586 Including /root/rear.github.master/etc/rear/local.conf
2023-06-06 13:20:50.823482258 ======================
2023-06-06 13:20:50.826955042 Running 'init' stage
2023-06-06 13:20:50.830641076 ======================
2023-06-06 13:20:50.840225392 Including init/default/001_verify_config_arrays.sh
2023-06-06 13:20:51.215990184 Including init/default/005_verify_os_conf.sh
2023-06-06 13:20:51.222860082 Including init/default/010_EFISTUB_check.sh
2023-06-06 13:20:51.229854971 Including init/default/010_set_drlm_env.sh
2023-06-06 13:20:51.236528057 Including init/default/030_update_recovery_system.sh
2023-06-06 13:20:51.241569690 'grep --Q=... FOO /etc/issue' succeeded
2023-06-06 13:20:51.267955873 ERROR: END
2023-06-06 13:20:51.278484974 Exiting rear help (PID 5133) and its descendant processes ...
2023-06-06 13:20:54.348362381 rear,5133 usr/sbin/rear help
                                `-rear,5765 usr/sbin/rear help
                                    `-pstree,5766 -Aplau 5133
2023-06-06 13:20:54.407733190 Running exit tasks

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
[no output]

# usr/sbin/rear -e help
ERROR: END
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 13:21:15.056481900 'grep --Q=SECRET FOO /etc/issue' succeded
Use debug mode '-d' for some debug messages or debugscript mode '-D' for full debug messages with 'set -x' output
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 13:21:13.118314154 Including /root/rear.github.master/etc/rear/os.conf
2023-06-06 13:21:13.123719808 Including conf/Linux-i386.conf
2023-06-06 13:21:13.127143425 Including conf/GNU/Linux.conf
2023-06-06 13:21:14.688056849 Including conf/SUSE_LINUX.conf
2023-06-06 13:21:14.693378519 Including /root/rear.github.master/etc/rear/local.conf
2023-06-06 13:21:14.697579236 ======================
2023-06-06 13:21:14.700833935 Running 'init' stage
2023-06-06 13:21:14.704080975 ======================
2023-06-06 13:21:14.713392404 Including init/default/001_verify_config_arrays.sh
2023-06-06 13:21:15.030903839 Including init/default/005_verify_os_conf.sh
2023-06-06 13:21:15.037883004 Including init/default/010_EFISTUB_check.sh
2023-06-06 13:21:15.044286030 Including init/default/010_set_drlm_env.sh
2023-06-06 13:21:15.050971066 Including init/default/030_update_recovery_system.sh
2023-06-06 13:21:15.056481900 'grep --Q=SECRET FOO /etc/issue' succeded
2023-06-06 13:21:15.071431761 ERROR: END
2023-06-06 13:21:15.081573904 Exiting rear help (PID 5799) and its descendant processes ...
2023-06-06 13:21:18.123068405 rear,5799 usr/sbin/rear -e help
                                `-rear,6432 usr/sbin/rear -e help
                                    `-pstree,6433 -Aplau 5799
2023-06-06 13:21:18.148469551 Running exit tasks

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
2023-06-06 13:21:15.056481900 'grep --Q=SECRET FOO /etc/issue' succeded

# usr/sbin/rear -D help
Running 'init' stage ======================
ERROR: END
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 13:21:40.512275229 Entering debugscript mode via 'set -x'.
  2023-06-06 13:21:40.521085733 'grep --Q=... FOO /etc/issue' succeeded
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Exiting rear help (PID 6466) and its descendant processes ...
Running exit tasks
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
...
+ source /root/rear.github.master/usr/share/rear/init/default/030_update_recovery_system.sh
2023-06-06 13:21:40.521085733 'grep --Q=... FOO /etc/issue' succeeded
++ Error END
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ PrintError 'ERROR: END'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ test '  2023-06-06 13:21:40.512275229 Entering debugscript mode via '\''set -x'\''.
  2023-06-06 13:21:40.521085733 '\''grep --Q=... FOO /etc/issue'\'' succeeded'
++ PrintError 'Some latest log messages since the last called script 030_update_recovery_system.sh:'
++ PrintError '  2023-06-06 13:21:40.512275229 Entering debugscript mode via '\''set -x'\''.
  2023-06-06 13:21:40.521085733 '\''grep --Q=... FOO /etc/issue'\'' succeeded'
++ test -f /dev/null
++ test 1
++ test 1
++ Log 'ERROR: END'
...

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
[no output]

# usr/sbin/rear -e -D help
Running 'init' stage ======================
ERROR: END
Some latest log messages since the last called script 030_update_recovery_system.sh:
  2023-06-06 13:31:30.203456832 Entering debugscript mode via 'set -x'.
  grep: unrecognized option '--Q=SECRET'
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try 'grep --help' for more information.
  2023-06-06 13:31:30.215654735 'grep --Q=SECRET FOO /etc/issue' succeded
Aborting due to an error, check /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless for details
Exiting rear help (PID 7510) and its descendant processes ...
Running exit tasks
Terminated

# cat var/log/rear/rear-linux-h9wr.log.lockless
...
+ source /root/rear.github.master/usr/share/rear/init/default/030_update_recovery_system.sh
++ grep --Q=SECRET FOO /etc/issue
grep: unrecognized option '--Q=SECRET'
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
++ true
++ LogSecret ''\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ test 1
++ Log ''\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ test -w /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ echo '2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
2023-06-06 13:31:30.215654735 'grep --Q=SECRET FOO /etc/issue' succeded
++ Error END
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ PrintError 'ERROR: END'
++ test -s /root/rear.github.master/var/log/rear/rear-linux-h9wr.log.lockless
++ test '  2023-06-06 13:31:30.203456832 Entering debugscript mode via '\''set -x'\''.
  grep: unrecognized option '\''--Q=SECRET'\''
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try '\''grep --help'\'' for more information.
  2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ PrintError 'Some latest log messages since the last called script 030_update_recovery_system.sh:'
++ PrintError '  2023-06-06 13:31:30.203456832 Entering debugscript mode via '\''set -x'\''.
  grep: unrecognized option '\''--Q=SECRET'\''
  Usage: grep [OPTION]... PATTERN [FILE]...
  Try '\''grep --help'\'' for more information.
  2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ test -f /dev/null
++ test 1
++ test 1
++ Log 'ERROR: END'
...

# grep SECRET var/log/rear/rear-linux-h9wr.log.lockless
++ grep --Q=SECRET FOO /etc/issue
grep: unrecognized option '--Q=SECRET'
++ LogSecret ''\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ Log ''\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
++ echo '2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
2023-06-06 13:31:30.215654735 'grep --Q=SECRET FOO /etc/issue' succeded
  grep: unrecognized option '\''--Q=SECRET'\''
  2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'
  grep: unrecognized option '\''--Q=SECRET'\''
  2023-06-06 13:31:30.215654735 '\''grep --Q=SECRET FOO /etc/issue'\'' succeded'

@jsmeix
Update _input-output-functions.sh
68d5fb8 
Let the LogSecret function return a non-zero exit code
when EXPOSE_SECRETS is not set which can be used
to log a generic fallback message, see
#3006 (comment)
@jsmeix jsmeix mentioned this pull request Jun 6, 2023
Closed
@jsmeix
Copy link
Member Author

jsmeix commented Jun 6, 2023

@codefritzel @rear/contributors
could you please have a look here and
provide feedback what you think about it
and ideally also how it behaves for you.

Nothing is documented yet in "rear help" or "man rear"
until I did some more tests and until I got some feedback
what others think about it and how it behaves for them.

@jsmeix jsmeix requested a review from a team June 6, 2023 12:23
@jsmeix jsmeix linked an issue Jun 6, 2023 that may be closed by this pull request
Confidential values leaked into log file in debug mode #2967
Closed
@jsmeix
Update rear
a61531a 
Better readable comment
This was referenced Jun 6, 2023
Merged
Closed
@jsmeix
Copy link
Member Author

jsmeix commented Jun 14, 2023
edited

@codefritzel @rear/contributors
I would like to merge it tomorrow afternoon
unless there are objections.

After the merge of this one I will replace our current

{ SECRET STUFF ; } 2>/dev/null

code with the new

{ SECRET STUFF ; } 2>>/dev/$SECRET_OUTPUT_DEV

method that is implemented by this pull request
via one or more separated pull request(s) as needed.

@jsmeix jsmeix merged commit 488eae5 into master Jun 15, 2023
19 of 23 checks passed
@jsmeix jsmeix deleted the jsmeix-expose-secrets branch June 15, 2023 11:38
jsmeix added a commit that referenced this pull request Aug 2, 2023
@jsmeix
Use '2>>/dev/$SECRET_OUTPUT_DEV'
dc43e7d 
In default.conf
use '2>>/dev/$SECRET_OUTPUT_DEV'
see #3006
and #2967
This was referenced Aug 2, 2023
Merged
Closed
jsmeix added a commit that referenced this pull request Aug 3, 2023
@jsmeix
Merge pull request #3034 from rear/jsmeix-use-SECRET_OUTPUT_DEV
2611da2 
Use '{ SECRET COMMAND ; } 2>>/dev/$SECRET_OUTPUT_DEV'
instead of '{ SECRET COMMAND ; } 2>/dev/null'
because '{ ... ; } 2>>/dev/$SECRET_OUTPUT_DEV'
makes debugging still possible for the user
by calling rear with the '--expose-secrets' option
and SECRET_OUTPUT_DEV makes it clear which redirections
are explicitly meant to hide secrets to distinguish them
from usual unwanted output discard via '2>/dev/null'
see #3006
and #2967
jsmeix added a commit that referenced this pull request Aug 8, 2023
@jsmeix
Merge pull request #3039 from rear/jsmeix-man-expose-secrets
e8cb73c 
In doc/rear.8.adoc describe the new -e/--expose-secrets option
see #3006
and #2967
Additionally a more exact description what the non-interactive mode does
and some general simplifications of other GLOBAL OPTIONS texts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jsmeix jsmeix

Labels
critical / security / legal enhancement Adaptions and new features fixed / solved / done
Projects
None yet
Milestone
ReaR v2.8
Development

Successfully merging this pull request may close these issues.

Confidential values leaked into log file in debug mode
1 participant
@jsmeix