From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtpng2.m.smailru.net (smtpng2.m.smailru.net [94.100.179.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 66EFC46971A for ; Fri, 13 Dec 2019 00:25:33 +0300 (MSK) From: Maria Date: Fri, 13 Dec 2019 00:25:43 +0300 Message-Id: <20191212212543.37466-1-maria.khaydich@tarantool.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Tarantool-patches] [PATCH] box: replication shouldn't leak user password List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: tarantool-patches@dev.tarantool.org, georgy@tarantool.org, alexander.turenko@tarantool.org, v.shpilevoy@tarantool.org It was possible to leak user password through setting 'replication' configuration option in first box.cfg invocation. This happened due to unconditional logging in load_cfg function. The patch introduces conditional logging. Closes #4493 --- Issue: https://github.com/tarantool/tarantool/issues/4493 Branch: https://github.com/tarantool/tarantool/tree/eljashm/gh-4493-box.cfg-log-may-leak-passwords src/box/lua/load_cfg.lua | 3 +++ test/box/load_cfg.result | 37 +++++++++++++++++++++++++++++++++++++ test/box/load_cfg.test.lua | 14 ++++++++++++++ test/box/lua/cfg_test6.lua | 10 ++++++++++ 4 files changed, 64 insertions(+) create mode 100644 test/box/load_cfg.result create mode 100644 test/box/load_cfg.test.lua create mode 100644 test/box/lua/cfg_test6.lua diff --git a/src/box/lua/load_cfg.lua b/src/box/lua/load_cfg.lua index 85617c8f0..5aa6ce703 100644 --- a/src/box/lua/load_cfg.lua +++ b/src/box/lua/load_cfg.lua @@ -548,6 +548,9 @@ local function load_cfg(cfg) fun() end if not compare_cfg(val, default_cfg[key]) then + if log_cfg_option[key] ~= nil then + val = log_cfg_option[key](val) + end log.info("set '%s' configuration option to %s", key, json.encode(val)) end end diff --git a/test/box/load_cfg.result b/test/box/load_cfg.result new file mode 100644 index 000000000..0abffd409 --- /dev/null +++ b/test/box/load_cfg.result @@ -0,0 +1,37 @@ +-- test-run result file version 2 +env = require('test_run') + | --- + | ... +test_run = env.new() + | --- + | ... + +-- +-- gh-4493: Replication user password may leak to logs +-- +test_run:cmd('create server cfg_tester7 with script = "box/lua/cfg_test6.lua"') + | --- + | - true + | ... +test_run:cmd("start server cfg_tester7") + | --- + | - true + | ... +-- test there is replication log in log +test_run:grep_log('cfg_tester7', 'set \'replication\' configuration option to', 1000) + | --- + | - set 'replication' configuration option to + | ... +-- test there is no password in log +test_run:grep_log('cfg_tester7', 'test-cluster-cookie', 1000) + | --- + | - null + | ... +test_run:cmd("stop server cfg_tester7") + | --- + | - true + | ... +test_run:cmd("cleanup server cfg_tester7") + | --- + | - true + | ... diff --git a/test/box/load_cfg.test.lua b/test/box/load_cfg.test.lua new file mode 100644 index 000000000..e0c3b361b --- /dev/null +++ b/test/box/load_cfg.test.lua @@ -0,0 +1,14 @@ +env = require('test_run') +test_run = env.new() + +-- +-- gh-4493: Replication user password may leak to logs +-- +test_run:cmd('create server cfg_tester7 with script = "box/lua/cfg_test6.lua"') +test_run:cmd("start server cfg_tester7") +-- test there is replication log in log +test_run:grep_log('cfg_tester7', 'set \'replication\' configuration option to', 1000) +-- test there is no password in log +test_run:grep_log('cfg_tester7', 'test-cluster-cookie', 1000) +test_run:cmd("stop server cfg_tester7") +test_run:cmd("cleanup server cfg_tester7") diff --git a/test/box/lua/cfg_test6.lua b/test/box/lua/cfg_test6.lua new file mode 100644 index 000000000..efcfc6f3e --- /dev/null +++ b/test/box/lua/cfg_test6.lua @@ -0,0 +1,10 @@ +#!/usr/bin/env tarantool +os = require('os') + +box.cfg{ + listen = os.getenv("LISTEN"), + replication = "admin:test-cluster-cookie@" .. os.getenv("LISTEN"), + replication_connect_timeout = 0.1, +} + +require('console').listen(os.getenv('ADMIN')) -- 2.20.1 (Apple Git-117)