[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Scrub VNC passwords from XenD log files

On Tue, Dec 05, 2006 at 07:31:25PM +0000, Daniel P. Berrange wrote:

> The XendDomainInfo and XendConfig classes both log the guest VM config data
> to the /var/log/xen/xend.log  in many places. Unfortunately the VNC passwords
> are stored in plain text in the guest VM config files. So we end up with 
> plain text passwords in the xend.log file
> Now we can make /var/log/xen  mode 0700 to protect them from local users,
> but it is very common when debugging issues to request that a user attach
> the contents of /var/log/xen/xend.log to the bug report ticket, or emails
> sent to mailing lists. This will obviously compromise any VNC passwords
> to essentially the while world & his dog. What's more, Google will make 
> it incredibly easy to search for these too.
> There are a few potential approaches to this
>  1. Remove all logging from xend.log
>  2. Change default log level to only record WARN and higher, so DEBUG
>     stuff is not recorded normally
>  3. Scrub the passwords out of the data being logged
>  4. Do nothing
> I really don't like options 1 or 2, because the stuff XenD is logging is
> actually incredibly helpful when debugging end user problems. 4 is not
> really a viable option either. So we're left with 3.
> Thus I am attaching a prototype patch which scrubs VNC passwords out of
> the data being logged by XenD.

That looks good to me -- could I have a Signed-off-by line, so I can apply it?



Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.