Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/05/22 14:16:28 UTC
[Bug 61114] New: startup.VersionLoggerListener may leak sensitive information
https://bz.apache.org/bugzilla/show_bug.cgi?id=61114
Bug ID: 61114
Summary: startup.VersionLoggerListener may leak sensitive information
Product: Tomcat 8
Version: 8.0.28
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: juergen.hermann@1und1.de
Target Milestone: ----
Related to https://bz.apache.org/bugzilla/show_bug.cgi?id=56401
When passwords or similar are part of the JVM command line, they end up in logs
that might be shipped to locations where you don't want that information to end
up. At least well-known cases should be handled
(-Djavax.net.ssl.trustStorePassword=...).
Possible remedies:
* Provide an option to not log command line args (but the other information).
* Handle well-known cases via a blacklist of substrings / regex that prevent
logging ("javax.net.ssl.trustStorePassword", or "password" and "secret" in
general).
Of course, removing the listener also works, but at the price of removing *all*
of its logging.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 61114] startup.VersionLoggerListener may leak sensitive information
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61114
Michael Osipov <19...@gmx.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |1983-01-06@gmx.net
[Bug 61114] startup.VersionLoggerListener may leak sensitive information
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61114
Konstantin Kolinko <kn...@gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX
--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> ---
1. The option already exists. Looking at the oldest version supported now
(7.0.x), it is named "logArgs", and in all newer versions as well.
http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html
2. Passing secrets via command line arguments is a well-known bad idea / SNAFU,
because they are visible to other local users that can run the "ps" command or
read "/proc/<pid>/cmdline".
A better idea would be to put them into conf/catalina.properties.
Also see the FAQ
https://wiki.apache.org/tomcat/FAQ/Password
Note that system properties are not logged by the default configuration of
VersionLoggerListener (configured by the "logProps" attribute).
3. Command line arguments provide important information for troubleshooting.
JVM options, memory size configuration, logging configuration.
4. Logs are well known to contain sensitive information (e.g. they may contain
session ids) and shall be protected from world-wide access.
I do not see what can be improved here. Closing as WONTFIX.
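The deny-list idea from the original report (a list of substrings / regexes such as "javax.net.ssl.trustStorePassword", "password" and "secret"), applied as a defender-side check over the "Command line argument:" lines that VersionLoggerListener emits when logArgs is enabled. This is an added example, not Tomcat code; the log line format and the property names in the sample are constructed for illustration, and the function names are mine.

```python
import re
from typing import Iterable, Optional

# Constructed sample in the style of a VersionLoggerListener startup log with
# logArgs enabled (format assumed for illustration, not copied from a real log).
SAMPLE_LOG = """\
22-May-2017 14:16:28.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.0.28
22-May-2017 14:16:28.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx1024m
22-May-2017 14:16:28.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.net.ssl.trustStorePassword=changeit
22-May-2017 14:16:28.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dapp.api.secret=s3cr3t
22-May-2017 14:16:28.000 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/tomcat
"""

# Deny-list from the report: one well-known property name plus generic substrings.
SENSITIVE_KEY = re.compile(
    r"javax\.net\.ssl\.trustStorePassword|password|secret", re.IGNORECASE
)

# Matches "Command line argument: -Dkey=value"; key and value are separate groups.
ARG_LINE = re.compile(r"Command line argument: -D([^=\s]+)=(\S*)")

def redact_line(line: str) -> tuple[str, Optional[str]]:
    """Return the line with a sensitive -D value masked, plus the leaked key (or None)."""
    m = ARG_LINE.search(line)
    if not m or not SENSITIVE_KEY.search(m.group(1)):
        return line, None          # not a -D argument, or key is not on the deny-list
    masked = line[:m.start(2)] + "***REDACTED***" + line[m.end(2):]
    return masked, m.group(1)

def scan_log(lines: Iterable[str]) -> tuple[list[str], list[str]]:
    """Scan log lines; return (redacted lines, names of properties that leaked)."""
    redacted, leaked = [], []
    for line in lines:
        new_line, key = redact_line(line)
        redacted.append(new_line)
        if key is not None:
            leaked.append(key)
    return redacted, leaked

if __name__ == "__main__":
    out, leaked = scan_log(SAMPLE_LOG.splitlines())
    print("\n".join(out))
    print("leaked properties:", leaked)
```

A non-empty leaked list on a shipped log means logArgs should be set to "false" on the listener and the secret moved out of the command line, as the reply above recommends.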
[Bug 61114] startup.VersionLoggerListener may leak sensitive information
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61114
--- Comment #2 from jhermann <ju...@1und1.de> ---
Sorry, should've thought of checking the docs beforehand. Thanks for the
hints, those helped.