Entire process's environment attached to bugzillas by ABRT

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Mon Dec 1 14:18:36 UTC 2014

On Sun, Nov 30, 2014 at 01:43:39PM +0000, Richard W.M. Jones wrote:
> On Fri, Nov 28, 2014 at 07:39:47AM +0100, Jakub Filak wrote:
> > The discussion I mentioned above was primarily about OpenStack (but the
> > participants also expressed concerns about sending 'environ' to Bugzilla
> > at all), where people are regularly storing their passwords and tokens
> > as environment variables.
> Yes unfortunately OpenStack does by default encourage people to source
> a 'keystonerc_admin' file which contains authentication tokens.  The
> file will look something like this:
> export OS_USERNAME=admin
> export OS_TENANT_NAME=admin
> export OS_PASSWORD=mysecretpassword
> export OS_AUTH_URL=

> For Amazon EC2 you'd want to scrub /^AWS_/
Would it be enough to scrub OS_PASSWORD? We could filter out *PASSWORD*
without gathering 50 cases.


More information about the devel mailing list