From 256550a14b07f99c4de50ffc84bd96343a07769b Mon Sep 17 00:00:00 2001 From: Bryan Neumann Date: Wed, 21 Feb 2024 15:33:49 -0500 Subject: [PATCH] Prevent logging of restricted file contents Prevent logging of sensitive data in restricted files when privsep operations complete. Dell PowerFlex: password appears in plain text when - creating a volume from an image - attaching a volume - detatching a volume Closes bug #2003179 Change-Id: Ic26a355e65b3392df9fb970170c9dbb60bbf4606 --- oslo_privsep/daemon.py | 4 ++-- .../notes/bug-2003179-f88922a47abcf07a.yaml | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/bug-2003179-f88922a47abcf07a.yaml diff --git a/oslo_privsep/daemon.py b/oslo_privsep/daemon.py index df168f5..b688a90 100644 --- a/oslo_privsep/daemon.py +++ b/oslo_privsep/daemon.py @@ -496,8 +496,8 @@ class Daemon(object): """ try: reply = result.result() - LOG.debug('privsep: reply[%(msgid)s]: %(reply)s', - {'msgid': msgid, 'reply': reply}) + LOG.debug('privsep: reply[%(msgid)s]: has_reply? %(reply)s', + {'msgid': msgid, 'reply': reply != None}) channel.send((msgid, reply)) except IOError: self.communication_error = sys.exc_info() diff --git a/releasenotes/notes/bug-2003179-f88922a47abcf07a.yaml b/releasenotes/notes/bug-2003179-f88922a47abcf07a.yaml new file mode 100644 index 0000000..6e07cce --- /dev/null +++ b/releasenotes/notes/bug-2003179-f88922a47abcf07a.yaml @@ -0,0 +1,14 @@ +--- +fixes: + - | + `Bug #2003179 `_: Fixed + Prevent logging of restricted file contents + + Prevent logging of sensitive data in restricted + files when privsep operations complete. + + Dell PowerFlex: password appears in plain text when + - creating a volume from an image + - attaching a volume + - detatching a volume +