Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hostcfgd/tacacs] Avoid printing credential into syslog #1444

Merged
merged 2 commits into from
Mar 3, 2018
Merged

[hostcfgd/tacacs] Avoid printing credential into syslog #1444

merged 2 commits into from
Mar 3, 2018

Conversation

taoyl-ms
Copy link
Contributor

@taoyl-ms taoyl-ms commented Mar 2, 2018

- What I did
hostcfgd print debug information into syslog when any tacacs-related field changes, which might include confidential information (passkey). This change is to remove this logging to avoid credential leak.

@taoyl-ms taoyl-ms requested a review from lguohan March 2, 2018 02:12
@jleveque
Copy link
Contributor

jleveque commented Mar 2, 2018
edited
Loading

Are we sure we want to remove these log messages entirely, or should we instead check if key == "passkey" and if so, obfuscate the value by outputting something like ****?

@taoyl-ms
Copy link
Contributor Author

taoyl-ms commented Mar 2, 2018

It's actually not key == 'passkey' but value.has_key('passkey'). I can still do that obfuscation though. Question is, do we really need every value change in syslog?

@taoyl-ms taoyl-ms changed the title [tacacs] Avoid printing credential into syslog [hostcfgd/tacacs] Avoid printing credential into syslog Mar 3, 2018
@lguohan lguohan merged commit 09f2385 into sonic-net:master Mar 3, 2018
@taoyl-ms taoyl-ms mentioned this pull request Mar 27, 2018
Merged
abdosi added a commit to abdosi/sonic-buildimage that referenced this pull request Sep 29, 2020
@abdosi
[Submodule update] sonic swss
4156c1a 
be51ebc Add IPv6 key item support to request parser (sonic-net#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (sonic-net#1450)
6aa97ce Use .clear() after std::move() (sonic-net#1444)
d5757db Add libzmq to README dependencies (sonic-net#1447)
c7b262e Add libzmq to Makefiles (sonic-net#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (sonic-net#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (sonic-net#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (sonic-net#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (sonic-net#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@abdosi abdosi mentioned this pull request Sep 29, 2020
Merged
3 tasks
lguohan pushed a commit that referenced this pull request Oct 2, 2020
@abdosi
[Submodule update] sonic swss (#5489)
dda9802 
be51ebc Add IPv6 key item support to request parser (#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (#1450)
6aa97ce Use .clear() after std::move() (#1444)
d5757db Add libzmq to README dependencies (#1447)
c7b262e Add libzmq to Makefiles (#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
@jleveque jleveque mentioned this pull request Feb 24, 2021
Closed
santhosh-kt pushed a commit to santhosh-kt/sonic-buildimage that referenced this pull request Feb 25, 2021
@abdosi @santhosh-kt
[Submodule update] sonic swss (sonic-net#5489)
35caaa5 
be51ebc Add IPv6 key item support to request parser (sonic-net#1449)
76e2251 When teamd feature state is disabled the Netdevice created by teamd were (sonic-net#1450)
6aa97ce Use .clear() after std::move() (sonic-net#1444)
d5757db Add libzmq to README dependencies (sonic-net#1447)
c7b262e Add libzmq to Makefiles (sonic-net#1443)
0b2e59a [drop counters] Clarify log messages for initial counter setup (sonic-net#1445)
003cf24 [dvs] Refactor and add buffer pool wm test (sonic-net#1446)
2f5d2d9 [acl] Remove Ethertype from L3V6 qualifiers (sonic-net#1433)
f7b974f Fix issue: bufferorch only pass the first attribute to sai when setting attribute (sonic-net#1442)

Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
stepanblyschak pushed a commit to stepanblyschak/sonic-buildimage that referenced this pull request May 10, 2021
@jleveque
[decode-syseeprom] Refactor use of swsscommon; Add unit tests (sonic-…
4e27ad7 
…net#1444)

- Refactor the way swsscommon is used in decode-syseeprom to align with more modern approach
- Add unit tests for DB-related functionality of decode-syseeprom utility
- Align whitespace in tests/mock_tables/state_db.json
theasianpianist pushed a commit to theasianpianist/sonic-buildimage that referenced this pull request Feb 5, 2022
@pavel-shirshov
Use .clear() after std::move() (sonic-net#1444)
6aa97ce 
1. Use .clear() after std::move from the vector to make sure that the
vector is in a correct state.
2. Remove the if condition which is not required here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lguohan lguohan lguohan approved these changes

@jleveque jleveque jleveque approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taoyl-ms @jleveque @lguohan