[Bug 2085607] Re: [sru] Obfuscation issues in sosreport sos 4.7.2

Launchpad Bug Tracker 2085607 at bugs.launchpad.net
Tue Dec 10 14:49:37 UTC 2024


This bug was fixed in the package sosreport - 4.7.2-0ubuntu1~22.04.2

---------------
sosreport (4.7.2-0ubuntu1~22.04.2) jammy; urgency=medium

  * Resolve obfuscation issues (LP: #2085607)
    - d/p/0003-sunbeam_hypervisor-Fix-obfuscation-for-ceilometer-an.patch:
      The sunbeam plugin was added recently, but ceilometer wasn't there.
    - d/p/0004-heat-Obfuscate-Add-auth_encryption_key-in-config.patch:
      The configuration option auth_encryption_key was not being
      obfuscated by default.
    - d/p/0005-placement-Obfuscate-passwords-that-have-been-missed.patch
      The NOVA_API_PASS and PLACEMENT_PASS were not being obfuscated
      in one of the config files.
    - d/p/0006-mysql-Add-obfuscation-for-password-in-conf-files.patch:
      The password field in one of the config files was not being obfuscated.

  * d/p/0007-processor-check-msr-module.patch: Check for and do not load the
    'msr' module by default in the processor plugin in jammy. (LP: #2089713)

 -- Arif Ali <arif.ali at canonical.com>  Thu, 24 Oct 2024 06:45:01 +0000

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2085607

Title:
  [sru] Obfuscation issues in sosreport sos 4.7.2

Status in sosreport source package in Focal:
  Fix Released
Status in sosreport source package in Jammy:
  Fix Released
Status in sosreport source package in Noble:
  Fix Released
Status in sosreport source package in Oracular:
  Fix Released

Bug description:
  [ Impact ]

  When doing the SRU for sos 4.7.2 we encountered obfuscation issues.
  Although not a regression at the time, it was still an issue that had
  been present for a while.

  So, these passwords would be fully visible to the end support
  personnel and are therefore leaked passwords.

  [ Test Plan ]

  1. Deploy a sunbeam simple cloud, run the sos report, and check to see if passwords are obfuscated in the configuration file
  2. Deploy heat, and ensure auth_encryption_key is obfuscated in the configuration file
  3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in the configuration file
  4. Deploy mysql and ensure the password field is obfuscated in the configuration file

  [ Where problems could occur ]

  The corresponding files are not obfuscated, and we need to update the
  patches.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/focal/+source/sosreport/+bug/2085607/+subscriptions
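
The check in the test plan above, automated for an extracted report directory. This is an added example, not code from sos or from the bug report. It assumes the options appear as `key = value` or `key: value` lines and that a masked value is a run of asterisks; the sample contents are constructed.

```python
import re
import sys
from pathlib import Path

# Option names taken from the changelog entry above.
SENSITIVE_KEYS = ("auth_encryption_key", "NOVA_API_PASS", "PLACEMENT_PASS", "password")
# Assumption: settings are written as "key = value" or "key: value".
LINE_RE = re.compile(
    r"^\s*(?P<key>%s)\s*[=:]\s*(?P<value>.*?)\s*$"
    % "|".join(re.escape(k) for k in SENSITIVE_KEYS), re.IGNORECASE)
# Assumption: an obfuscated value consists only of asterisks.
MASKED_RE = re.compile(r"^\*+$")

# Constructed sample file contents (not taken from a real report).
SAMPLE_MASKED = "[DEFAULT]\nauth_encryption_key = *********\n"
SAMPLE_LEAKY = "[client]\nuser = root\n# password = old\npassword = constructed-secret\n"

def find_unmasked(text):
    """Return (line_no, key) for every sensitive option whose value is not masked.

    The value itself is never returned, so the checker's own output is safe to share.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):   # skip commented-out settings
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        value = match.group("value").strip("'\"")
        if value and not MASKED_RE.match(value):   # empty values leak nothing
            hits.append((line_no, match.group("key")))
    return hits

def scan_tree(root):
    """Scan every regular file under root; return {relative_path: [(line_no, key), ...]}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = find_unmasked(path.read_text(errors="replace"))
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:                          # path to an extracted report
        results = scan_tree(sys.argv[1])
    else:                                          # demo on the constructed samples
        results = {"masked.conf": find_unmasked(SAMPLE_MASKED),
                   "leaky.conf": find_unmasked(SAMPLE_LEAKY)}
    for name, hits in results.items():
        print(name, hits or "ok")
```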
