Some db/sqlalchemy debug messages print sql password

Bug #1155603 reported by Tom Hancock
Affects: Glance
  Status: Fix Released
  Importance: High
  Assigned to: Tom Hancock
  Milestone: (not shown)

Affects: Grizzly
  Status: Fix Released
  Importance: High
  Assigned to: Tom Hancock
  Milestone: (not shown)

Bug Description

Some messages in glance/db/sqlalchemy/api.py and glance/db/sqlalchemy/migration print the SQL password to logs
or embed it in exception messages. Simply not using the SQL connection in the text would resolve this.

Tags: security
Revision history for this message
Thierry Carrez (ttx) wrote :

Could you be more specific? Trying to decide if we should embargo the fix or not... Are those messages only activated in debug mode? Are they user-facing or log-facing only?

Changed in glance:
status: New → Incomplete
Revision history for this message
Tom Hancock (tom-hancock) wrote :

Sure.
The messages are available in non debug mode under error conditions.
I identified five - four are associated with database migrations, the fifth with initialising the connection.
They are printed to log messages and as far as I can tell they're not available to users.

Revision history for this message
Michael Still (mikal) wrote :

At the very least we should never log the SQL connection string, which almost certainly contains the DB password.

$ search LOG | grep sql_connection
./migration.py: LOG.info(_("Upgrading %(sql_connection)s to version %(version_str)s") %
./migration.py: LOG.info(_("Downgrading %(sql_connection)s to version %(version)s") %

Tom, are you working on a patch for this or shall I?

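The redaction Michael is asking for, as an added example that is not Glance's own code and not the change that eventually merged for this bug. It assumes SQLAlchemy-style connection URLs (`dialect+driver://user:password@host:port/dbname?query`), uses only the standard library, and the helper names (`redact_db_url`, `format_migration_message`) are hypothetical. The point is that the connection string is masked before it is interpolated into any log or exception text, not after:

```python
"""Mask the password in a SQLAlchemy-style connection URL before logging it.

Added example, not code from Glance or from the fix for bug #1155603.
Assumes URLs of the form dialect+driver://user:password@host:port/db?query.
"""
import logging
from urllib.parse import urlsplit, urlunsplit

LOG = logging.getLogger(__name__)
REDACTED = "***"


def redact_db_url(url: str) -> str:
    """Return url with the password component replaced by '***'.

    URLs with no password (sqlite:///path, postgresql://host/db) are returned
    unchanged. The raw netloc is rebuilt rather than parts.hostname so that
    case, IPv6 brackets and the port survive untouched.
    """
    parts = urlsplit(url)
    if parts.password is None:
        return url
    # netloc is "user:password@host:port"; split on the last '@' because the
    # password itself may contain '@' or ':' when URL-encoded or not.
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user, _, _password = userinfo.partition(":")
    safe_netloc = "%s:%s@%s" % (user, REDACTED, hostport)
    return urlunsplit(parts._replace(netloc=safe_netloc))


def format_migration_message(action: str, sql_connection: str, version) -> str:
    """Build the migration log line with the connection string already masked.

    Mirrors the shape of the LOG.info() calls quoted above, but redacts the
    sql_connection value before it is interpolated into the message.
    """
    return "%(action)s %(sql_connection)s to version %(version)s" % {
        "action": action,
        "sql_connection": redact_db_url(sql_connection),
        "version": version,
    }


def log_migration(action: str, sql_connection: str, version) -> str:
    """Log the migration line and return it so callers can inspect it."""
    msg = format_migration_message(action, sql_connection, version)
    LOG.info(msg)
    return msg


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample connection strings (not real credentials).
    samples = [
        "mysql://glance:s3cret@db.example.org:3306/glance?charset=utf8",
        "postgresql+psycopg2://glance:pa:ss%40word@[::1]:5432/glance",
        "sqlite:////var/lib/glance/glance.sqlite",
    ]
    for url in samples:
        print(log_migration("Upgrading", url, 12))
```

With newer SQLAlchemy (1.4 and later) the same masking is available from the library itself: `sqlalchemy.engine.url.make_url(url).render_as_string(hide_password=True)` produces the redacted form, which is preferable to hand-parsing when SQLAlchemy is already a dependency.
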
Revision history for this message
Tom Hancock (tom-hancock) wrote :
Revision history for this message
Michael Still (mikal) wrote :

Public code review == public bug. This isn't remotely exploitable, so I don't think we need to hold it too close anyways.

information type: Private Security → Public Security
Changed in glance:
status: Incomplete → Triaged
tags: added: grizzly-rc-potential
Changed in glance:
importance: Undecided → High
Thierry Carrez (ttx)
Changed in glance:
status: Triaged → In Progress
Thierry Carrez (ttx)
Changed in glance:
milestone: none → grizzly-rc1
tags: removed: grizzly-rc-potential
Changed in glance:
assignee: nobody → Brian Waldon (bcwaldon)
Brian Waldon (bcwaldon)
Changed in glance:
assignee: Brian Waldon (bcwaldon) → Tom Hancock (tom-hancock)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/24521
Committed: http://github.com/openstack/glance/commit/8825d3ab3d2ca670bbfe48a8b5575cfdc4231092
Submitter: Jenkins
Branch: master

commit 8825d3ab3d2ca670bbfe48a8b5575cfdc4231092
Author: Tom Hancock <email address hidden>
Date: Fri Mar 15 11:08:35 2013 +0000

    Don't print sql password in debug messages

    Fixes bug #1155603

    Change-Id: I78da6744a0c65211efc3c36593c300cbf685bcfc

Changed in glance:
status: In Progress → Fix Committed
Revision history for this message
Thierry Carrez (ttx) wrote :

Agree that we don't need to publish an OSSA on this.

information type: Public Security → Public
tags: added: security
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released