[MB-40765] cbbackupmgr shouldn't log/collect sensitive information - Couchbase database

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 6.6.0
Fix Version/s: 6.6.0, 6.5.2
Component/s: tools
Labels:
- approved-for-6.5.2
- approved-for-6.6.0
Environment:
Both windows and linux

Triage:
Untriaged
Story Points:
1
Is this a Regression?:
No

Description

What's the issue?
There is a couple of places where 'cbbackupmgr' may implicitly scrape sensitive information where it shouldn't. For example:
1) 'cbbackupmgr' logs the S3 access keys at the beginning of running a sub-command (6.6.x+ only)
2) Some of the (platform specific) commands run when collecting system information may collect the command line arguments of other processes on the system.

Steps to reproduce #1
1) Install Couchbase server 6.6.0-7897 on a windows server 2016
2) Run backup to S3.
3) Run collect-logs in S3 using cbbackupmgr, logs collect ok but it display all S3 credentials in raw text.

 -c localhost -u <ud>Administrator</ud> -p ******** -r backup -a s3://bkrepo --obj-access-key-id AKIAJP --obj-secret-access-key xzsNfaTXZWBf --obj-staging-dir /root/bk-staging --obj-region us-west-2

2020-08-04T22:48:59.413+00:00 (Cmd) mounted archive with id: 2b4c1837-86c1-4275-8934-9d138b2f7709

2020-08-04T22:48:59.415+00:00 (Rest) GET http://localhost:8091/pools 200

2020-08-04T22:48:59.419+00:00 (Rest) GET http://localhost:8091/pools/default 200

2020-08-04T22:48:59.424+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200

2020-08-04T22:48:59.468+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200

2020-08-04T22:48:59.473+00:00 (Rest) GET http://localhost:8091/pools/default/buckets/travel-sample 200

2020-08-04T22:48:59.475+00:00 (Rest) GET http://localhost:8091/pools 200

2020-08-04T22:48:59.475+00:00 (Cmd) Backing up cluster 759547ebd21e733e4173ad953bb0b196

2020-08-04T22:48:59.476+00:00 (Stats) Starting stat gathering - stat timestamp: 1596581339

2020-08-04T22:48:59.476+00:00 (Plan) Transferring cluster configuration

2020-08-04T22:48:59.477+00:00 (Rest)

We need to hide it as in password
This issue prevent upload logs to ~~MB-40764~~

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

cbbackupmgr-collectinfo-couchbase-archive-2020-08-06T170212.zip
72 kB
06/Aug/20 9:03 AM
cbbackupmgr-collectinfo-my_archive-2021-01-28T182737.zip
1.55 MB
28/Jan/21 10:47 AM
cbbackupmgr-collectinfo-my_archive-2021-01-28T182737 2.zip
1.55 MB
28/Jan/21 10:51 AM
cbbackupmgr-collectinfo-my_archive-2021-01-28T185045.zip
1.65 MB
28/Jan/21 11:00 AM
mac-os-cbbackupmgr-collectinfo-archive-2020-08-06T164507.zip
53 kB
06/Aug/20 9:01 AM
ss 2020-08-05 at 5.23.30 PM.png
29 kB
05/Aug/20 5:27 PM
windows-cbbackupmgr-collectinfo-couchbase-archive-2020-08-06T122944.zip
14 kB
06/Aug/20 12:32 PM

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

Descending order - Click to sort in ascending order

Hide

Permalink

Asad Zaidi added a comment - 28/Jan/21 10:53 AM - edited

Verification for 6.5.2-6624 on Windows:

This ticket seems to discuss two related issues.

1. The first issue is that cbbackupmgr logged AWS credentials, this only affects versions 6.6.x and above.

Cbbackupmgr in version 6.5.2 cannot backup to s3 so it is not affected by this issue.

2. The second issue is that process arguments were being logged revealing sensitive information.

We can check that this is fixed by running various cbbackupmgr sub-commands and checking if process arguments are leaked and if any sensitive information is revealed.

I created a backup archive, performed 3 backups and used the info command to check which backups exist.

I then used the collect-log sub command to produce the following logs:

cbbackupmgr-collectinfo-my_archive-2021-01-28T182737.zip

I performed a case-case-insensistive grep for 'administrator' and 'password'. In addition, I do not seem to see any process arguments.

(It's definitely worth if someone could take a second look at these).

An additional collection where I also performed the restore command.

cbbackupmgr-collectinfo-my_archive-2021-01-28T185045.zip

^{The grep results:}

sadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 % grep -ri 'administrator' ./

asadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 % grep -ri 'password' ./

.//system_info.log:AdminPasswordStatus  AutomaticManagedPagefile  AutomaticResetBootOption  AutomaticResetCapability  BootOptionOnLimit  BootOptionOnWatchDog  BootROMSupported  BootStatus  BootupState  Caption          ChassisBootupState  ChassisSKUNumber  CreationClassName     CurrentTimeZone  DaylightInEffect  Description       DNSHostName      Domain     DomainRole  EnableDaylightSavingsTime  FrontPanelResetStatus  HypervisorPresent  InfraredSupported  InitialLoadInfo  InstallDate  KeyboardPasswordStatus  LastLoadInfo  Manufacturer  Model       Name             NameFormat  NetworkServerModeEnabled  NumberOfLogicalProcessors  NumberOfProcessors  OEMLogoBitmap  OEMStringArray  PartOfDomain  PauseAfterReset  PCSystemType  PCSystemTypeEx  PowerManagementCapabilities  PowerManagementSupported  PowerOnPasswordStatus  PowerState  PowerSupplyState  PrimaryOwnerContact  PrimaryOwnerName  ResetCapability  ResetCount  ResetLimit  Roles                                               Status  SupportContactDescription  SystemFamily  SystemSKUNumber  SystemStartupDelay  SystemStartupOptions  SystemStartupSetting  SystemType    ThermalState  TotalPhysicalMemory  UserName  WakeUpType  Workgroup

asadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 %

Show

Asad Zaidi added a comment - 28/Jan/21 10:53 AM - edited Verification for 6.5.2-6624 on Windows: This ticket seems to discuss two related issues. 1. The first issue is that cbbackupmgr logged AWS credentials, this only affects versions 6.6.x and above. Cbbackupmgr in version 6.5.2 cannot backup to s3 so it is not affected by this issue. 2. The second issue is that process arguments were being logged revealing sensitive information. We can check that this is fixed by running various cbbackupmgr sub-commands and checking if process arguments are leaked and if any sensitive information is revealed. I created a backup archive, performed 3 backups and used the info command to check which backups exist. I then used the collect-log sub command to produce the following logs: cbbackupmgr-collectinfo-my_archive-2021-01-28T182737.zip I performed a case-case-insensistive grep for 'administrator' and 'password'. In addition, I do not seem to see any process arguments. (It's definitely worth if someone could take a second look at these). An additional collection where I also performed the restore command. cbbackupmgr-collectinfo-my_archive-2021-01-28T185045.zip The grep results: sadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 % grep -ri 'administrator' ./ asadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 % grep -ri 'password' ./ .//system_info.log:AdminPasswordStatus AutomaticManagedPagefile AutomaticResetBootOption AutomaticResetCapability BootOptionOnLimit BootOptionOnWatchDog BootROMSupported BootStatus BootupState Caption ChassisBootupState ChassisSKUNumber CreationClassName CurrentTimeZone DaylightInEffect Description DNSHostName Domain DomainRole EnableDaylightSavingsTime FrontPanelResetStatus HypervisorPresent InfraredSupported InitialLoadInfo InstallDate KeyboardPasswordStatus LastLoadInfo Manufacturer Model Name NameFormat NetworkServerModeEnabled NumberOfLogicalProcessors NumberOfProcessors OEMLogoBitmap OEMStringArray PartOfDomain PauseAfterReset PCSystemType PCSystemTypeEx PowerManagementCapabilities PowerManagementSupported PowerOnPasswordStatus PowerState PowerSupplyState PrimaryOwnerContact PrimaryOwnerName ResetCapability ResetCount ResetLimit Roles Status SupportContactDescription SystemFamily SystemSKUNumber SystemStartupDelay SystemStartupOptions SystemStartupSetting SystemType ThermalState TotalPhysicalMemory UserName WakeUpType Workgroup asadzaidi@EM224 cbbackupmgr-collectinfo-my_archive-2021-01-28T185045 %

Hide

Permalink

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM

Build couchbase-server-6.5.2-6622 contains backup commit db275f5 with commit message:
~~MB-40765~~ [BP] Don't collect sensitive information when collecting logs

Show

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM Build couchbase-server-6.5.2-6622 contains backup commit db275f5 with commit message: MB-40765 [BP] Don't collect sensitive information when collecting logs

Hide

Permalink

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM

Build couchbase-server-6.5.2-6622 contains backup commit 123066a with commit message:
~~MB-40765~~ [BP] Display the command without arguments in 'ps' output

Show

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM Build couchbase-server-6.5.2-6622 contains backup commit 123066a with commit message: MB-40765 [BP] Display the command without arguments in 'ps' output

Hide

Permalink

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM

Build couchbase-server-6.5.2-6622 contains backup commit f7a2eaa with commit message:
~~MB-40765~~ [BP] Add 'comm' to 'ps' call to 'exec.Command'

Show

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM Build couchbase-server-6.5.2-6622 contains backup commit f7a2eaa with commit message: MB-40765 [BP] Add 'comm' to 'ps' call to 'exec.Command'

Hide

Permalink

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM

Build couchbase-server-6.5.2-6622 contains backup commit 09258c5 with commit message:
~~MB-40765~~ [BP] Don't show verbose task information using 'tasklist'

Show

Couchbase Build Team added a comment - 25/Jan/21 3:24 PM Build couchbase-server-6.5.2-6622 contains backup commit 09258c5 with commit message: MB-40765 [BP] Don't show verbose task information using 'tasklist'

38 older comments