Comment 5 for bug 1918303

Seth Arnold (seth-arnold) wrote:

Hello Carl, thanks for the excellent report.

Please use CVE-2021-3429 for this issue.

Normally I'd say printing passwords to logs is a mistake but I can see how we got here. Probably we should make this configurable.

I think we should also change the permissions to match the systemd journal files.

On my 20.04 laptop, files in /var/log/journal/*/ are readable by group systemd-journal and group adm. adm is allowed to read many log files on Debian and derivatives, though normally passwords aren't included in logs.

Thanks