I propose adjusting the logging to remove the possibility of inadvertently logging sensitive data.
As this line, https://opendev.org/openstack/oslo.privsep/src/commit/f0c7eca61b9cbd3ae3dbcab7f29ca74dd0e2dc1d/oslo_privsep/daemon.py#L499, logs the reply from any command it was used to run, the issue could manifest elsewhere. To avoid this, the line performing the logging could be changed from
LOG.debug('privsep: reply[%(msgid)s]: %(reply)s',
          {'msgid': msgid, 'reply': reply})
to the following, which will indicate True/False if there is a reply without printing it out.
# Log only whether a reply exists, never its contents.
LOG.debug('privsep: reply[%(msgid)s]: %(reply)s',
          {'msgid': msgid, 'reply': reply is not None})
This seems safer overall as the issue could show up for other drivers in the future.
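The following is an added example, not part of the original report and not oslo.privsep code: it runs the debug call quoted in the report in both forms against a captured log stream, so the difference can be kept as a regression check. The helper names, the logger name and the sample reply are assumptions constructed for illustration.

```python
import io
import logging

# Constructed sample: stands in for a privileged command's reply that
# happens to carry a credential. Not taken from a real deployment.
SAMPLE_REPLY = (4, ("stdout: login ok password=s3cr3t-chap", ""))


def _capture(log_call):
    """Run log_call(logger) and return everything it wrote at DEBUG level."""
    buf = io.StringIO()
    logger = logging.getLogger("privsep-demo-%d" % id(buf))
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    try:
        log_call(logger)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


def log_reply_verbose(msgid, reply):
    """Form quoted as the current line: the whole reply is formatted."""
    return _capture(lambda log: log.debug(
        'privsep: reply[%(msgid)s]: %(reply)s',
        {'msgid': msgid, 'reply': reply}))


def log_reply_presence(msgid, reply):
    """Proposed form: record only whether a reply exists."""
    return _capture(lambda log: log.debug(
        'privsep: reply[%(msgid)s]: %(reply)s',
        {'msgid': msgid, 'reply': reply is not None}))


if __name__ == "__main__":
    print(log_reply_verbose(140001, SAMPLE_REPLY), end="")
    print(log_reply_presence(140001, SAMPLE_REPLY), end="")
```

The dictionary key has to match the `%(reply)s` placeholder; with a mismatched key the logging module fails to format the record instead of emitting the line.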