Project

General

Profile

Actions
Copy link

Bug #13608

closed

file enforce content log file content which can have private info

Added by François ARMAND about 6 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Security
Target version:
4.1.15
Pull Request:
https://github.com/Normation/ncf/pull...
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
0
Name check:
Fix check:
Regression:

Description

In file enforce content, we have an info log with the file content. This can leak private info. The log must be removed.

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #13175: rudder agent log files content in user facilityReleasedAlexis MoussetActions
Actions
Copy link
 #1

Updated by Vincent MEMBRÉ about 6 years ago

first glance on the fix, a real pr arrives soon https://github.com/Normation/ncf/pull/836

Actions
Copy link
 #2

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
Actions
Copy link
 #3

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/ncf/pull/837
Actions
Copy link
 #4

Updated by Benoît PECCATTE about 6 years ago

  • Related to Bug #13175: rudder agent log files content in user facility added
Actions
Copy link
 #5

Updated by Nicolas CHARLES about 6 years ago

  • Status changed from Pending technical review to In progress
  • Assignee changed from Benoît PECCATTE to Nicolas CHARLES

I'm taking over this issue!

Actions
Copy link
 #6

Updated by Nicolas CHARLES about 6 years ago

Fix in 4.1 is really not trivial - it seems we need to rewrite the whole stack of loging to fix it.
Correcting in branch 4.3 in #13175

Actions
Copy link
 #7

Updated by Vincent MEMBRÉ about 6 years ago

  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
Actions
Copy link
 #8

Updated by Rudder Quality Assistant about 6 years ago

  • Assignee changed from Benoît PECCATTE to Vincent MEMBRÉ
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from In progress to Pending release

Applied in changeset ncf:commit:da2129f9bc50bb77f888993b7635c3a7362189bc.

Actions
Copy link
 #10

Updated by Vincent MEMBRÉ about 6 years ago

Applied in changeset ncf:commit:01e928d6b7a5b29bc460a26db2c7f564f970dd51.

Actions
Copy link
 #11

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.15, 4.3.5 and 5.0.1 which were released today. 
Changelog
 Changelog
 Changelog
Actions
Copy link
 #12

Updated by Vincent MEMBRÉ over 5 years ago

  • Private changed from Yes to No
  • Priority changed from 137 to 0
Actions
Copy link

Also available in: Atom PDF