[node-patches] Change in ovirt-node[master]: rhn: Remove values of password arguments
fabiand at fedoraproject.org
fabiand at fedoraproject.org
Fri Oct 12 13:53:25 UTC 2012
Fabian Deutsch has uploaded a new change for review.
Change subject: rhn: Remove values of password arguments
......................................................................
rhn: Remove values of password arguments
Previosuly passwords were removed from the logfiles by pure
substitution, in some cases this lead to problems.
The new approach looks for arguments and replace their values with a
placeholder - this is more secure.
rhbz#837228
Change-Id: Ib20f6d675d4f2f525c30620e0cc34124d1491992
Signed-off-by: Fabian Deutsch <fabiand at redhat.com>
---
M scripts/rhn.py
1 file changed, 15 insertions(+), 4 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/15/8515/1
diff --git a/scripts/rhn.py b/scripts/rhn.py
index d88111e..1022efe 100755
--- a/scripts/rhn.py
+++ b/scripts/rhn.py
@@ -99,8 +99,14 @@
# regenerate up2date config
if os.path.exists("/etc/sysconfig/rhn/up2date"):
os.unlink("/etc/sysconfig/rhn/up2date")
- logged_args = str(args).replace(password, "XXXXXXXX")
- logged_args = str(logged_args).replace(proxypass, "XXXXXXXX")
+
+ logged_args = args
+ remove_values_from_args = ["--password", "--proxyPassword"]
+ for idx, arg in enumerate(logged_args):
+ if arg in remove_values_from_args:
+ logged_args[idx+1] = "XXXXXXX"
+ logged_args = str(logged_args)
+
logger.debug(logged_args)
rhn_reg = subprocess_closefds(args, shell=False, stdout=PIPE,
stderr=STDOUT)
@@ -244,8 +250,13 @@
for f in all_rhsm_configs:
unlink_if_exists(f)
- logged_args = str(args).replace(password, "XXXXXXXX")
- logged_args = str(logged_args).replace(proxypass, "XXXXXXXX")
+ logged_args = args
+ remove_values_from_args = ["--password", "--proxypassword"]
+ for idx, arg in enumerate(logged_args):
+ if arg in remove_values_from_args:
+ logged_args[idx+1] = "XXXXXXX"
+ logged_args = str(logged_args)
+
log(logged_args)
smreg_proc = subprocess_closefds(args, shell=False, stdout=PIPE,
stderr=STDOUT)
--
To view, visit http://gerrit.ovirt.org/8515
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib20f6d675d4f2f525c30620e0cc34124d1491992
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at fedoraproject.org>
More information about the node-patches
mailing list