yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1470740] Re: swiftclient disclose token in debug logs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Robert Clark <1470740@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Jul 2015 13:49:20 -0000
Reply-to: Bug 1470740 <1470740@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Also affects: ossn
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1470740

Title:
  swiftclient disclose token in debug logs

Status in OpenStack Image Registry and Delivery Service (Glance):
  New
Status in OpenStack Security Notes:
  New
Status in Python client library for Swift:
  New

Bug description:
  Setup: juno. Nova, glance + swiftclient.

  glance-api.conf (important parts):

  [DEFAULT]
  debug = true
  logging_context_format_string=%(name)s[%(process)d]: %(levelname)s %(instance)s%(message)s [%(request_id)s %(user)s %(tenant)s]
  logging_default_format_string=%(name)s[%(process)d]: %(levelname)s %(instance)s%(message)s
  logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
  logging_exception_prefix=%(name)s[%(process)d]: TRACE %(instance)s
  default_store = swift
  use_syslog = True
  syslog_log_facility = LOG_LOCAL2
  swift_store_auth_address = https://my.hand.disclosing.corporte.url:5000/v2.0
  swift_store_user = tenant:user
  swift_store_key = sexgodqwerty123456love

  Result in remote syslog:

  DEBUG REQ: curl -i
  https://my.hand.disclosing.corporte.url:8080/v1/OMG_47e02d5a461148ef9f9dab62ea0ba64b/region/6a66d8dc-5748-4cb5-9db5-b12ab0d1c698-00007
  -X PUT -H "X-Auth-Token: 6f64276e2074726461650a6d" http_log
  /usr/lib/python2.7/dist-packages/swiftclient/client.py:95

  Versions:

  ii  python-swift                        2.2.0-0ubuntu1~cloud0                                all          distributed virtual object store - Python libraries
  ii  python-swiftclient                  1:2.3.0-0ubuntu1~cloud0                              all          Client library for Openstack Swift API.
  ii  glance-api                          1:2014.2.3-0-ownbuild  all          OpenStack Image Registry and Delivery Service - API
  ii  glance-common                       1:2014.2.3-ownbuild  all          OpenStack Image Registry and Delivery Service - Common
  ii  python-glance                       1:2014.2.3-0ownbuild  all          OpenStack Image Registry and Delivery Service - Python library
  ii  python-glance-store                 0.1.8-1ubuntu2~cloud0                                all          OpenStack Image Service store library - Python 2.x
  ii  python-glanceclient                 1:0.14.0-0ubuntu1~cloud0                             all          Client library for Openstack glance server.

  Impact:
  1) Unprivileged employee with access to logging facility may get access to glance images, including snapshots of the tenants.
  2) Syslog transmitted unencrypted in UDP or TCP and it may be viewed by unauthorized person.

  Expected behavior:
  Complete or partial token masking in logs, f.e.:

  DEBUG REQ: curl -i
  https://my.hand.disclosing.corporte.url:8080/v1/OMG_47e02d5a461148ef9f9dab62ea0ba64b/region/6a66d8dc-5748-4cb5-9db5-b12ab0d1c698-00007
  -X PUT -H "X-Auth-Token: 6****************d" http_log
  /usr/lib/python2.7/dist-packages/swiftclient/client.py:95

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1470740/+subscriptions