Prevent Leaking Passwords to the Log [SLE-15-SP5] #129

Merged
merged 2 commits into from
May 28, 2024

shundhammer
Contributor

@shundhammer shundhammer commented May 28, 2024

Target Branch

This is the backport to SLE-15-SP5 of #128.

Bugzilla

https://bugzilla.suse.com/show_bug.cgi?id=1225432

Problem

Passwords may be leaked to the log.

Cause

When the configuration is written to file, it is also logged completely to the y2log. This includes any passwords that the user entered when configuring iSCSI.

Unfortunately, the config class is just a very thin wrapper around an array of hashes, not a real class with dedicated fields, so we cannot use the secret_attr method that we use in other places.

Fix

Don't log the complete configuration, only the fact that it was written.

The log format is unwieldy and very hard to read for a human anyway, so it's not very useful to log it in the first place.

Related Branches

@coveralls

Pull Request Test Coverage Report for Build 9269942638

Details

  • 1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 30.485%

Totals Coverage Status
Change from base Build 6246074236: 0.0%
Covered Lines: 792
Relevant Lines: 2598

💛 - Coveralls

Member

@kobliha kobliha left a comment

LGTM, thanks HuHa :)

@shundhammer shundhammer merged commit 302f37f into SLE-15-SP5 May 28, 2024
10 checks passed
@shundhammer shundhammer deleted the huha-pw-leak-15-5 branch May 28, 2024 14:00
@yast-bot
Contributor

✔️ Internal Jenkins job #761 successfully finished
✔️ Created IBS submit request #332524
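
The logging change described in the pull request description above, as an added Ruby example that is not the project's code: it contrasts logging the whole configuration with logging only the fact that it was written, and adds a leak check that can back a unit test. The name/value entry layout, the sample values and every function name here are assumptions made for illustration; `redact_for_log` is an alternative the pull request did not take.

```ruby
require "logger"
require "stringio"

# Constructed sample: a config held as a plain array of hashes, with no
# dedicated fields to mark as secret. The entry layout is an assumption.
SAMPLE_CONFIG = [
  { "name" => "node.startup", "value" => "manual" },
  { "name" => "node.session.auth.username", "value" => "initiator1" },
  { "name" => "node.session.auth.password", "value" => "s3cr3t-chap" },
  { "name" => "discovery.sendtargets.auth.password_in", "value" => "other-s3cr3t" }
].freeze

SENSITIVE_NAME = /password|secret/i

# "Before" behaviour: the complete structure, secrets included, reaches the log.
def write_logging_everything(config, log)
  log.info("Writing config: #{config.inspect}")
end

# Behaviour after the fix: only the fact that the config was written is logged.
def write_logging_fact_only(_config, log)
  log.info("Config written")
end

# Alternative (not what the pull request does): log a masked copy.
# Works on copies, so the caller's entries are left untouched.
def redact_for_log(entries)
  entries.map do |entry|
    copy = entry.dup
    copy["value"] = "<secret>" if copy["name"].to_s.match?(SENSITIVE_NAME)
    copy
  end
end

# Regression check: returns the sensitive values that appear in the log text.
def leaked_secrets(config, log_text)
  config.select { |e| e["name"].to_s.match?(SENSITIVE_NAME) }
        .map { |e| e["value"] }
        .select { |v| log_text.include?(v) }
end

# Helper: run a block against an in-memory logger and return what it wrote.
def captured_log
  io = StringIO.new
  yield Logger.new(io)
  io.string
end
```
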
