Entire process's environment attached to bugzillas by ABRT

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Mon Dec 1 14:18:36 UTC 2014


On Sun, Nov 30, 2014 at 01:43:39PM +0000, Richard W.M. Jones wrote:
> On Fri, Nov 28, 2014 at 07:39:47AM +0100, Jakub Filak wrote:
> > The discussion I mentioned above was primarily about OpenStack (but the
> > participants also expressed concerns about sending 'environ' to Bugzilla
> > at all), where people are regularly storing their passwords and tokens
> > as environment variables.
> 
> Yes unfortunately OpenStack does by default encourage people to source
> a 'keystonerc_admin' file which contains authentication tokens.  The
> file will look something like this:
> 
> export OS_USERNAME=admin
> export OS_TENANT_NAME=admin
> export OS_PASSWORD=mysecretpassword
> export OS_AUTH_URL=http://127.0.0.1:35357/v2.0/

> For Amazon EC2 you'd want to scrub /^AWS_/

Would it be enough to scrub OS_PASSWORD? We could filter out *PASSWORD*
without gathering 50 cases.

Zbyszek
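
The name-based scrubbing discussed in this message, as an added example that is not part of the original post and is not ABRT's code: it applies the `*PASSWORD*` glob and the `/^AWS_/` pattern to an environment dump and reports which names each run scrubs and which pass through. It assumes a newline-separated `NAME=value` dump; the placeholder text, the function names, and the `AWS_*` and `MYAPP_API_TOKEN` sample entries are constructed for illustration.

```python
import fnmatch
import re

# Name patterns proposed in the thread: the *PASSWORD* glob and the /^AWS_/ regex.
GLOB_PATTERNS = ["*PASSWORD*"]
REGEX_PATTERNS = [re.compile(r"^AWS_")]
REDACTED = "<redacted>"  # placeholder text chosen for this example
NAME_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=")


def is_sensitive(name):
    """Return True if the variable name matches any scrub pattern."""
    upper = name.upper()  # also catch lower-case names such as db_password
    if any(fnmatch.fnmatchcase(upper, g) for g in GLOB_PATTERNS):
        return True
    return any(r.search(upper) for r in REGEX_PATTERNS)


def scrub_environ(text):
    """Scrub a NAME=value dump; return (scrubbed_text, scrubbed_names)."""
    out, hit, in_secret = [], [], False
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m is None:
            # Continuation of a multi-line value: drop it when the
            # variable it belongs to is being scrubbed.
            if not in_secret:
                out.append(line)
            continue
        name = m.group(1)
        in_secret = is_sensitive(name)
        if in_secret:
            out.append(f"{name}={REDACTED}")
            hit.append(name)
        else:
            out.append(line)
    return "\n".join(out), hit


# First four entries are the keystonerc_admin values quoted above;
# the last three are constructed for this example.
SAMPLE = "\n".join([
    "OS_USERNAME=admin",
    "OS_TENANT_NAME=admin",
    "OS_PASSWORD=mysecretpassword",
    "OS_AUTH_URL=http://127.0.0.1:35357/v2.0/",
    "AWS_SECRET_ACCESS_KEY=constructed-key",
    "AWS_DEFAULT_REGION=us-east-1",
    "MYAPP_API_TOKEN=constructed-token",
])
```

On the sample, `scrub_environ(SAMPLE)` scrubs `OS_PASSWORD` and both `AWS_*` entries, while `MYAPP_API_TOKEN` passes through because neither pattern matches its name.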

