* [PATCH] Scrub vnc password for vfb
@ 2008-02-05 7:47 Masaki Kanno
2008-02-05 8:45 ` Keir Fraser
0 siblings, 1 reply; 4+ messages in thread
From: Masaki Kanno @ 2008-02-05 7:47 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1: Mail message body --]
[-- Type: text/plain, Size: 844 bytes --]
Hi,

I saw the vnc password in xend.log as follows.

[2008-02-05 10:35:08 6412] DEBUG (DevController:119) DevController:
writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
domain/1/device/vfb/0', 'uuid': 'e8e7f9db-e104-7d4a-36bd-d5f09ab34378',
'vncpasswd': 'test', 'state': '1', 'online': '1', 'frontend-id': '1',
'type': 'vnc'} to /local/domain/0/backend/vfb/1/0.

This patch scrubs it as follows.

[2008-02-05 16:23:23 11188] DEBUG (DevController:120) DevController:
writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
domain/2/device/vfb/0', 'uuid': '53f05d3f-9994-bdd7-2293-d60c22b0568b',
'vncpasswd': 'XXXXXXXX', 'state': '1', 'online': '1', 'frontend-id': '2',
'type': 'vnc'} to /local/domain/0/backend/vfb/2/0.

Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>

Best regards,
Kan
[-- Attachment #2: scrub_passwd_vfb.patch --]
[-- Type: application/octet-stream, Size: 1370 bytes --]
diff -r 99b8ffe25088 tools/python/xen/xend/server/DevController.py
--- a/tools/python/xen/xend/server/DevController.py Mon Feb 04 13:57:01 2008 +0000
+++ b/tools/python/xen/xend/server/DevController.py Tue Feb 05 15:46:42 2008 +0900
@@ -22,6 +22,7 @@ from xen.xend import sxp, XendOptions
from xen.xend import sxp, XendOptions
from xen.xend.XendError import VmError
from xen.xend.XendLogging import log
+import xen.xend.XendConfig
from xen.xend.xenstore.xstransact import xstransact, complete
from xen.xend.xenstore.xswatch import xswatch
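Review bot: the added "import xen.xend.XendConfig" is the only plain module import among the "from xen.xend... import ..." lines around it, and it forces the long qualified call xen.xend.XendConfig.scrub_password(back) in the next hunk. If there is no circular-import reason for this form, "from xen.xend.XendConfig import scrub_password" would match the neighbouring lines and shorten the call site; if there is such a reason, a one-line comment beside the import would stop a later cleanup from changing it.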
@@ -113,10 +114,10 @@ class DevController:
raise VmError("Device %s is already connected." % dev_str)
if count == 0:
- log.debug('DevController: writing %s to %s.', str(front),
- frontpath)
- log.debug('DevController: writing %s to %s.', str(back),
- backpath)
+ log.debug('DevController: writing %s to %s.',
+ str(front), frontpath)
+ log.debug('DevController: writing %s to %s.',
+ str(xen.xend.XendConfig.scrub_password(back)), backpath)
elif count % 50 == 0:
log.debug(
'DevController: still waiting to write device entries.')
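Review bot: in the count == 0 branch only back is passed through scrub_password(); front is still logged as str(front), so any secret that ends up in the frontend dict would be logged in clear. Scrubbing both dicts the same way would close that gap. It is also worth confirming, since it is not visible in this hunk, that scrub_password() returns a masked copy rather than modifying back in place, because back is the dict the log message says is being written to backpath. The re-wrapping of the first log.debug() call is a whitespace-only change and could be dropped so the diff shows just the one functional line.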
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
* Re: [PATCH] Scrub vnc password for vfb
2008-02-05 7:47 [PATCH] Scrub vnc password for vfb Masaki Kanno
@ 2008-02-05 8:45 ` Keir Fraser
2008-02-05 10:38 ` Ian Jackson
2008-02-05 14:06 ` Daniel P. Berrange
0 siblings, 2 replies; 4+ messages in thread
From: Keir Fraser @ 2008-02-05 8:45 UTC (permalink / raw)
To: Masaki Kanno, xen-devel
This leads to a question -- should xend.log (and our other log files) be
world readable in the first place?

If we want to change it we may have to hack the logging package a bit, as it
seems that Python's open() function calls fopen() which does not allow you
to manually specify access permissions. Although we could have xend set its
umask to 0770. Maybe that would break other stuff though?

 -- Keir

On 5/2/08 07:47, "Masaki Kanno" <kanno.masaki@jp.fujitsu.com> wrote:
> Hi,
>
> I saw the vnc password in xend.log as follows.
>
> [2008-02-05 10:35:08 6412] DEBUG (DevController:119) DevController:
> writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
> domain/1/device/vfb/0', 'uuid': 'e8e7f9db-e104-7d4a-36bd-d5f09ab34378',
> 'vncpasswd': 'test', 'state': '1', 'online': '1', 'frontend-id': '1',
> 'type': 'vnc'} to /local/domain/0/backend/vfb/1/0.
>
> This patch scrubs it as follows.
>
> [2008-02-05 16:23:23 11188] DEBUG (DevController:120) DevController:
> writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
> domain/2/device/vfb/0', 'uuid': '53f05d3f-9994-bdd7-2293-d60c22b0568b',
> 'vncpasswd': 'XXXXXXXX', 'state': '1', 'online': '1', 'frontend-id': '2',
> 'type': 'vnc'} to /local/domain/0/backend/vfb/2/0.
>
>
> Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
>
> Best regards,
> Kan
* Re: [PATCH] Scrub vnc password for vfb
2008-02-05 8:45 ` Keir Fraser
@ 2008-02-05 10:38 ` Ian Jackson
2008-02-05 14:06 ` Daniel P. Berrange
1 sibling, 0 replies; 4+ messages in thread
From: Ian Jackson @ 2008-02-05 10:38 UTC (permalink / raw)
To: Keir Fraser; +Cc: xen-devel, Masaki Kanno
Keir Fraser writes ("Re: [Xen-devel] [PATCH] Scrub vnc password for vfb"):
> This leads to a question -- should xend.log (and our other log files) be
> world readable in the first place?

This is a decision for distributors I think. The default isn't all
that important but I would personally prefer them to be readable.
Most setups have a dedicated dom0.

So we should launder things that go into logfiles.

Ian.
* Re: [PATCH] Scrub vnc password for vfb
2008-02-05 8:45 ` Keir Fraser
2008-02-05 10:38 ` Ian Jackson
@ 2008-02-05 14:06 ` Daniel P. Berrange
1 sibling, 0 replies; 4+ messages in thread
From: Daniel P. Berrange @ 2008-02-05 14:06 UTC (permalink / raw)
To: Keir Fraser; +Cc: xen-devel, Masaki Kanno
On Tue, Feb 05, 2008 at 08:45:10AM +0000, Keir Fraser wrote:
> This leads to a question -- should xend.log (and our other log files) be
> world readable in the first place?

In Fedora & RHEL /etc/xen and /var/log/xen are both mode 0700

> If we want to change it we may have to hack the logging package a bit, as it
> seems that Python's open() function calls fopen() which does not allow you
> to manually specify access permissions. Although we could have xend set its
> umask to 0770. Maybe that would break other stuff though?

The permissions of the logfile don't really matter once you set the directory
permissions - and this gives the admin flexibility to chmod/chgrp the dir
to allow selected users access to the logs

The main reason for scrubbing the logs is to protect users' passwords when
they post logfiles to mailing lists / bug trackers :-)

Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
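
The two measures discussed in this thread, as an added example that is not part of the patch or of xend: a logging filter that masks secret keys on a copy of the logged arguments, and a file handler that creates the log with mode 0600 through os.open(). The names scrub, ScrubFilter, PrivateFileHandler and SECRET_KEYS are assumptions made for the example, and the sample dict is constructed.

```python
import logging
import os
import stat
import tempfile

SECRET_KEYS = {"vncpasswd"}  # assumption: the keys to treat as secret
MASK = "XXXXXXXX"

def scrub(value):
    """Return a copy of value with secret dict entries masked; the input is untouched."""
    if isinstance(value, dict):
        return {k: MASK if k in SECRET_KEYS else scrub(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(scrub(v) for v in value)
    return value

class ScrubFilter(logging.Filter):
    """Mask secrets in the log arguments before any handler formats the record."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = scrub(record.args)
        elif record.args:
            record.args = tuple(scrub(a) for a in record.args)
        return True

class PrivateFileHandler(logging.FileHandler):
    """FileHandler that requests mode 0600 at creation (umask can only remove bits)."""
    def _open(self):
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT
        fd = os.open(self.baseFilename, flags, 0o600)
        return os.fdopen(fd, "a", encoding=self.encoding)

def demo():
    """Log a constructed backend dict; return (dict, log text, file mode)."""
    logdir = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    path = os.path.join(logdir, "xend.log")
    log = logging.getLogger("scrub-demo")
    log.setLevel(logging.DEBUG)
    handler = PrivateFileHandler(path, encoding="utf-8")
    log.addHandler(handler)
    log.addFilter(ScrubFilter())
    back = {"vncunused": "1", "vncpasswd": "test", "type": "vnc"}  # constructed
    log.debug("DevController: writing %s to %s.", back, "/local/domain/0/backend/vfb/1/0")
    handler.close()
    log.removeHandler(handler)
    with open(path) as f:
        text = f.read()
    return back, text, stat.S_IMODE(os.stat(path).st_mode)
```

Because the filter works on a copy, the dict that would be written to the store keeps its real value while the log line shows only the mask.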