Logging authentication tokens in debug while using proxy commands or network namespaces

Bug #1488559 reported by Michael McCune
Affects  Status        Importance  Assigned to      Milestone
Sahara   Fix Released  High        Michael McCune
Juno     Fix Released  High        Michael McCune
Kilo     Fix Released  High        Michael McCune

Bug Description

Under some conditions sahara will log authentication tokens while in debug mode. This can occur when the sahara server is configured to use proxy commands or network namespaces to communicate with its cluster nodes.

The offending code can be found in sahara/utils/ssh_remote.py@L553

        ctx = context.current()
        neutron_info['uri'] = base.url_for(ctx.service_catalog, 'network')
        neutron_info['token'] = ctx.auth_token
        neutron_info['tenant'] = ctx.tenant_name
        neutron_info['host'] = instance.management_ip

        LOG.debug('Returning neutron info: {info}'.format(info=neutron_info))

Although this is a corner case for sahara operation, and it will only occur while the server is in debug mode, this log message should be changed to remove the sensitive information.
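The pattern the fix takes (and which the later commit message describes) is to keep the dictionary the code actually needs, token included, and to log a separate copy with the token removed. The following is an added example, not sahara's own code: it rebuilds the dict from the bug report using a constructed context object (the `network_url`, `auth_token`, `tenant_name` and `management_ip` values are made up), adds a log-safe copy, and includes a small check that a rendered log line carries none of the sensitive values. The list of sensitive keys is an assumption; the original code only carries `token`.

```python
# Added example modelled on the bug report above; not code from the
# sahara project. Context and instance values below are constructed.
import logging
from types import SimpleNamespace

LOG = logging.getLogger(__name__)

# Keys whose values must never reach a log line. Assumed list: the
# original dict only has 'token', the others are common neighbours.
SENSITIVE_KEYS = frozenset({'token', 'auth_token', 'password', 'secret'})

# Constructed stand-ins for context.current() and the cluster instance.
SAMPLE_CTX = SimpleNamespace(network_url='http://neutron.example:9696',
                             auth_token='gAAAA-constructed-token',
                             tenant_name='demo')
SAMPLE_INSTANCE = SimpleNamespace(management_ip='10.0.0.5')


def build_neutron_info(ctx, instance):
    """Assemble the dict the proxy/namespace code needs (token included)."""
    return {
        'uri': ctx.network_url,
        'token': ctx.auth_token,
        'tenant': ctx.tenant_name,
        'host': instance.management_ip,
    }


def redact_for_log(info, sensitive=SENSITIVE_KEYS):
    """Return a copy of ``info`` with sensitive keys dropped.

    The original mapping is untouched, so the caller still has the token
    for the real Neutron client; only the logged view loses it.
    """
    return {k: v for k, v in info.items() if k not in sensitive}


def render_debug_line(info):
    """Format the debug message as the original code did, on the redacted copy."""
    return 'Returning neutron info: {info}'.format(info=redact_for_log(info))


def leaks_secret(log_line, info, sensitive=SENSITIVE_KEYS):
    """Check whether a rendered log line contains any sensitive value from ``info``."""
    return any(str(info[k]) in log_line
               for k in sensitive if k in info and info[k])


if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)
    info = build_neutron_info(SAMPLE_CTX, SAMPLE_INSTANCE)
    unsafe = 'Returning neutron info: {info}'.format(info=info)  # the bug
    safe = render_debug_line(info)
    print('unsafe line leaks token:', leaks_secret(unsafe, info))
    print('safe line leaks token:  ', leaks_secret(safe, info))
    LOG.debug(safe)
```

Dropping the key rather than masking its value matches what the commit does; the `leaks_secret` check is the kind of assertion that fits a unit test around any debug statement that formats a whole dictionary.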

Revision history for this message
Michael McCune (mimccune) wrote :

adding a patch to resolve this issue by removing the token from the logs

Revision history for this message
Sergey Lukjanov (slukjanov) wrote :

Ack the issue and I'm ok with the patch. Michael, thanks for finding it.

Changed in sahara:
milestone: none → liberty-3
Revision history for this message
Grant Murphy (gmurphy) wrote :

Typically the VMT doesn't issue advisories for logging of credentials in debug mode. This issue can be fixed in the open. I will leave it to you to open the bug at your discretion.

Revision history for this message
Michael McCune (mimccune) wrote :

thanks Grant

Changed in sahara:
assignee: nobody → Michael McCune (mimccune)
information type: Private Security → Public Security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (master)

Fix proposed to branch: master
Review: https://review.openstack.org/216879

Changed in sahara:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/216881

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/216882

Changed in sahara:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (stable/juno)

Reviewed: https://review.openstack.org/216882
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=b3b81f4ce9926199fc8211e0e036739086b822cb
Submitter: Jenkins
Branch: stable/juno

commit b3b81f4ce9926199fc8211e0e036739086b822cb
Author: Michael McCune <email address hidden>
Date: Tue Aug 25 11:48:55 2015 -0400

    Removing token information from debug log

    To mitigate the tokens being logged during the creation of neutron
    clients for proxy commands and network namespaces, this patch creates a
    separate dictionary that removes the token information before reporting
    to the log.

    Change-Id: I2dfaa89d3262d5e558d0c95e76642874f5ee7004
    Closes-Bug: 1488559
    (cherry picked from commit 76861a24be4d9efdf7ae2ec41c85fc0505a7c3c0)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (stable/kilo)

Reviewed: https://review.openstack.org/216881
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=203c357f509eb2d57a29d38a37ea07676084c824
Submitter: Jenkins
Branch: stable/kilo

commit 203c357f509eb2d57a29d38a37ea07676084c824
Author: Michael McCune <email address hidden>
Date: Tue Aug 25 11:48:55 2015 -0400

    Removing token information from debug log

    To mitigate the tokens being logged during the creation of neutron
    clients for proxy commands and network namespaces, this patch creates a
    separate dictionary that removes the token information before reporting
    to the log.

    Change-Id: I2dfaa89d3262d5e558d0c95e76642874f5ee7004
    Closes-Bug: 1488559
    (cherry picked from commit 76861a24be4d9efdf7ae2ec41c85fc0505a7c3c0)

Changed in sahara:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/216879
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=76861a24be4d9efdf7ae2ec41c85fc0505a7c3c0
Submitter: Jenkins
Branch: master

commit 76861a24be4d9efdf7ae2ec41c85fc0505a7c3c0
Author: Michael McCune <email address hidden>
Date: Tue Aug 25 11:48:55 2015 -0400

    Removing token information from debug log

    To mitigate the tokens being logged during the creation of neutron
    clients for proxy commands and network namespaces, this patch creates a
    separate dictionary that removes the token information before reporting
    to the log.

    Change-Id: I2dfaa89d3262d5e558d0c95e76642874f5ee7004
    Closes-Bug: 1488559

Changed in sahara:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in sahara:
milestone: liberty-3 → 3.0.0
This report contains Public Security information  
Everyone can see this security related information.