OpenStack Compute (nova)

  1. Series icehouse
  2. Bug #1343604
  3. Comment #27

Comment 27 for bug 1343604

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/116982
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=853d8f9897f8563851441108a9be26b10908c076
Submitter: Jenkins
Branch: master

commit 853d8f9897f8563851441108a9be26b10908c076
Author: Tristan Cacqueray <email address hidden>
Date: Tue Aug 26 18:16:40 2014 +0000

    Mask passwords in exceptions and error messages

    When a ProcessExecutionError is thrown by processutils.execute(), the
    exception may contain information such as password. Upstream
    applications that just log the message (as several appear to do) could
    inadvertently expose these passwords to a user with read access to the
    log files. It is therefore considered prudent to invoke
    strutils.mask_password() on the command, stdout and stderr in the
    exception.

    Cherry-pick from review.openstack.org/109417
    Partial-Bug: #1343604

    Change-Id: I9741dcdebdb4bed295ddc5ec4c4b117fffcfe88c