Posted to issues@geode.apache.org by "Patrick Rhomberg (JIRA)" <ji...@apache.org> on 2018/03/01 19:31:00 UTC

[jira] [Updated] (GEODE-3452) gfsh does not redact passwords from history until the session is closed

     [ https://issues.apache.org/jira/browse/GEODE-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Rhomberg updated GEODE-3452:
------------------------------------
    Description: 
The `ArgumentRedactor` does not act on `gfsh` history until it is written to file when the `gfsh` session is closed.  As a result, non-redacted passwords may be exposed in the `history` command as well as the Ctrl-R reverse-i-search until the session is closed.

Because the redactor's behavior is simple, you can reproduce this with a simple `echo` command.

{noformat}
gfsh> echo "example case --exposed-option=123 --password=456"
example case --exposed-option 123 --password=456

gfsh> history
[...]
491  490: echo "example case --exposed-option=123 --password=456"
492  491: history

gfsh> exit
Exiting...

[Restart gfsh]

gfsh> history
480  479: echo "example case --exposed-option=123 --password=*****
481  480: history
482  481: exit
483  482: history
{noformat}

---

Update: Upon a quick investigation, it appears that this and GEODE-4318 both can be addressed by creating / overriding and redacting in {{GfshHistory}}'s implementation of {{jline.console.history.History::add}}.  Closing this ticket as a duplicate of 4318.
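To show why the point of redaction matters, here is an added Python model of the two behaviours described above (not Geode's or jline's code): a constructed stand-in for `ArgumentRedactor`, a hypothetical history class that redacts only at flush time, and a subclass that redacts in `add()` as the proposed override of `History::add` would.

```python
import re
from typing import List, Tuple

# Constructed stand-in for gfsh's ArgumentRedactor (not Geode's code): masks the
# value of any option whose name contains "password", in both "--password=x" and
# "--password x" forms, and leaves options such as --exposed-option untouched.
_SECRET_OPTION = re.compile(r"(--[\w-]*password[\w-]*)(=|\s+)([^\s\"']+)", re.IGNORECASE)


def redact(line: str) -> str:
    return _SECRET_OPTION.sub(lambda m: f"{m.group(1)}{m.group(2)}*****", line)


class FlushTimeRedactingHistory:
    """Models the reported bug (hypothetical class): entries are stored raw and
    only redacted when the history is written to file at session end."""

    def __init__(self) -> None:
        self._entries: List[str] = []

    def add(self, line: str) -> None:
        self._entries.append(line)

    def listing(self) -> List[str]:
        # What `gfsh> history` shows in the running session.
        return list(self._entries)

    def search(self, needle: str) -> List[str]:
        # What a Ctrl-R reverse-i-search can find in the running session.
        return [e for e in self._entries if needle in e]

    def flush(self) -> List[str]:
        # What reaches the history file on exit.
        return [redact(e) for e in self._entries]


class AddTimeRedactingHistory(FlushTimeRedactingHistory):
    """Models the proposed fix (hypothetical class): redact in add(), the way an
    overriding History::add would, so every in-session view is masked at once."""

    def add(self, line: str) -> None:
        super().add(redact(line))


def run_session(history_cls, command: str) -> Tuple[List[str], List[str], List[str]]:
    """Replays the ticket's scenario and returns (in-session listing,
    reverse-i-search hits for the secret value, contents written on exit)."""
    history = history_cls()
    history.add(command)
    history.add("history")
    return history.listing(), history.search("456"), history.flush()
```

With the flush-time class the secret is visible to `listing()` and `search()` until `flush()`; with the add-time class it never enters memory unmasked.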

  was:
The `ArgumentRedactor` does not act on `gfsh` history until it is written to file when the `gfsh` session is closed.  As a result, non-redacted passwords may be exposed in the `history` command as well as the Ctrl-R reverse-i-search until the session is closed.

Because the redactor's behavior is simple, you can reproduce this with a simple `echo` command.

{noformat}
gfsh> echo "example case --exposed-option=123 --password=456"
example case --exposed-option 123 --password=456

gfsh> history
[...]
491  490: echo "example case --exposed-option=123 --password=456"
492  491: history

gfsh> exit
Exiting...

[Restart gfsh]

gfsh> history
480  479: echo "example case --exposed-option=123 --password=*****
481  480: history
482  481: exit
483  482: history
{noformat}


> gfsh does not redact passwords from history until the session is closed
> -----------------------------------------------------------------------
>
>                 Key: GEODE-3452
>                 URL: https://issues.apache.org/jira/browse/GEODE-3452
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, logging, security
>            Reporter: Patrick Rhomberg
>            Priority: Major
>



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)