VMware: host_password does not support secret the string in log text

Bug #1357177 reported by David Geng
Affects | Status | Importance | Assigned to | Milestone
Ceilometer | Fix Released | Critical | David Geng |
Icehouse | Fix Released | Critical | David Geng |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |

Bug Description

The host_password opt should set secret = True, otherwise the password will be leaked into log files.

David Geng (genggjh)
Changed in ceilometer:
assignee: nobody → David Geng (genggjh)
David Geng (genggjh)
information type: Private Security → Public Security
David Geng (genggjh)
information type: Public Security → Public
Changed in ceilometer:
status: New → In Progress
gordon chung (chungg)
Changed in ceilometer:
importance: Undecided → Critical
no longer affects: ceilometer/trunk
gordon chung (chungg)
Changed in ceilometer:
milestone: none → juno-3
Eoghan Glynn (eglynn)
summary: - VMware: host_password does not support secrt the string in log text
+ VMware: host_password does not support secret the string in log text
tags: added: icehouse-backport-potential
Changed in ossa:
status: New → Incomplete
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ceilometer (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/114882

OpenStack Infra (hudson-openstack) wrote : Change abandoned on ceilometer (stable/icehouse)

Change abandoned by David Geng (<email address hidden>) on branch: stable/icehouse
Review: https://review.openstack.org/114882

OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (master)

Reviewed: https://review.openstack.org/114428
Committed: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=2a3fcd5a1e37c5084dcfffd8836235a4dc9512f2
Submitter: Jenkins
Branch: master

commit 2a3fcd5a1e37c5084dcfffd8836235a4dc9512f2
Author: gengjh <email address hidden>
Date: Fri Aug 15 11:37:39 2014 +0800

    VMware: Support secret host_password option

    Closes-Bug: #1357177
    Change-Id: If64a2dfccb9837b972a9ed4213107ad8fa4ff7b8

Changed in ceilometer:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
information type: Public → Public Security
Thierry Carrez (ttx) wrote :

If I understand correctly, this results in the password showing up in configuration dumps in DEBUG mode. While this should definitely be fixed, we generally didn't issue an advisory for leaks in DEBUG logs in the past. So I propose we just fix this.

gordon chung (chungg) wrote :

ttx, sounds good to me. wasn't sure what the typical response was for issues such as this so i just added ossa just in case.

Thierry Carrez (ttx)
Changed in ossa:
status: Incomplete → Won't Fix
information type: Public Security → Public
Thierry Carrez (ttx)
Changed in ceilometer:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (stable/icehouse)

Reviewed: https://review.openstack.org/114882
Committed: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=ccd6b989543faefeb2294535d39e2f53747428a6
Submitter: Jenkins
Branch: stable/icehouse

commit ccd6b989543faefeb2294535d39e2f53747428a6
Author: gengjh <email address hidden>
Date: Fri Aug 15 11:37:39 2014 +0800

    VMware: Support secret host_password option

    Closes-Bug: #1357177
    Change-Id: If64a2dfccb9837b972a9ed4213107ad8fa4ff7b8
    (cherry picked from commit 2a3fcd5a1e37c5084dcfffd8836235a4dc9512f2)

Thierry Carrez (ttx)
Changed in ceilometer:
milestone: juno-3 → 2014.2
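
A log check for the leak discussed in this report, added here as an example (not code from Ceilometer or from the bug's participants): it scans an oslo.config DEBUG option dump for password-like options whose value is not masked. The line layout (`group.option = value`, with `****` for options declared `secret=True`), the `vmware` group name, the name hints and the sample lines are assumptions constructed for the example.

```python
import re

# Assumed layout of oslo.config's DEBUG option dump: "<group>.<option>   = <value>",
# optionally followed by the logger's "log_opt_values <file>:<line>" suffix.
OPT_LINE = re.compile(
    r"(?P<name>[\w.]+)\s+=\s?(?P<value>.*?)(?:\s+log_opt_values\s+\S+:\d+)?$"
)
# Assumed hints for option names that should have been declared secret=True.
SENSITIVE = re.compile(r"(password|passwd|secret|token|api_key)", re.I)
MASK = "****"  # what the dump prints for options declared with secret=True

# Constructed sample lines (not from a real deployment).
SAMPLE_LOG = """\
2014-08-15 11:40:01.120 4242 DEBUG ceilometer.service [-] vmware.host_ip                 = 192.0.2.10
2014-08-15 11:40:01.121 4242 DEBUG ceilometer.service [-] vmware.host_username           = svc-meter
2014-08-15 11:40:01.122 4242 DEBUG ceilometer.service [-] vmware.host_password           = Sup3rS3cret log_opt_values /usr/lib/python2.7/site-packages/oslo/config/cfg.py:1951
2014-09-01 09:00:00.001 5151 DEBUG ceilometer.service [-] vmware.host_password           = ****
"""


def find_unmasked_secrets(log_text):
    """Return (line_number, option_name) for sensitive options dumped in clear.

    The value itself is never returned, so the report does not leak it again.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = OPT_LINE.search(line)
        if not m or not SENSITIVE.search(m.group("name")):
            continue
        value = m.group("value").strip()
        # Empty or None: option unset. "****": the option was masked by secret=True.
        if value not in ("", "None", MASK):
            findings.append((lineno, m.group("name")))
    return findings


if __name__ == "__main__":
    for lineno, name in find_unmasked_secrets(SAMPLE_LOG):
        print("line %d: %s logged unmasked; rotate it and restrict the log" % (lineno, name))
```

A hit means the credential was written to the log in clear text, so rotating it and reviewing who could read the affected log files belongs alongside applying the fix.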