yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #22810
[Bug 1343604] Re: Exceptions thrown, and messages logged by execute() may include passwords
** Changed in: nova
Status: Fix Committed => Fix Released
** Changed in: nova
Milestone: None => juno-rc1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1343604
Title:
Exceptions thrown, and messages logged by execute() may include
passwords
Status in Cinder:
Fix Released
Status in Cinder havana series:
Fix Released
Status in Cinder icehouse series:
Fix Committed
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) havana series:
Fix Released
Status in OpenStack Compute (nova) icehouse series:
Fix Committed
Status in The Oslo library incubator:
Fix Released
Status in OpenStack Security Advisories:
Triaged
Status in Openstack Database (Trove):
Fix Committed
Status in Trove icehouse series:
Fix Committed
Bug description:
Currently when execute() throws a ProcessExecutionError, it returns
the command without masking passwords. In the one place where it logs
the command, it correctly masks the password.
It would be prudent to mask the password in the exception as well so
that upstream catchers don't have to go through the mask_password()
motions.
The same also goes for stdout and stderr information which should be
sanitized.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1343604/+subscriptions