Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-40765

cbbackupmgr shouldn't log/collect sensitive information

    XMLWordPrintable

Details

    • Untriaged
    • 1
    • No

    Description

      What's the issue?
      There is a couple of places where 'cbbackupmgr' may implicitly scrape sensitive information where it shouldn't. For example:
      1) 'cbbackupmgr' logs the S3 access keys at the beginning of running a sub-command (6.6.x+ only)
      2) Some of the (platform specific) commands run when collecting system information may collect the command line arguments of other processes on the system.

      Steps to reproduce #1
      1) Install Couchbase server 6.6.0-7897 on a windows server 2016
      2) Run backup to S3.
      3) Run collect-logs in S3 using cbbackupmgr, logs collect ok but it display all S3 credentials in raw text.

       
       -c localhost -u <ud>Administrator</ud> -p ******** -r backup -a s3://bkrepo --obj-access-key-id AKIAJP --obj-secret-access-key xzsNfaTXZWBf --obj-staging-dir /root/bk-staging --obj-region us-west-2 
      2020-08-04T22:48:59.413+00:00 (Cmd) mounted archive with id: 2b4c1837-86c1-4275-8934-9d138b2f7709
      2020-08-04T22:48:59.415+00:00 (Rest) GET http://localhost:8091/pools 200
      2020-08-04T22:48:59.419+00:00 (Rest) GET http://localhost:8091/pools/default 200
      2020-08-04T22:48:59.424+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200
      2020-08-04T22:48:59.468+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200
      2020-08-04T22:48:59.473+00:00 (Rest) GET http://localhost:8091/pools/default/buckets/travel-sample 200
      2020-08-04T22:48:59.475+00:00 (Rest) GET http://localhost:8091/pools 200
      2020-08-04T22:48:59.475+00:00 (Cmd) Backing up cluster 759547ebd21e733e4173ad953bb0b196
      2020-08-04T22:48:59.476+00:00 (Stats) Starting stat gathering - stat timestamp: 1596581339
      2020-08-04T22:48:59.476+00:00 (Plan) Transferring cluster configuration
      2020-08-04T22:48:59.477+00:00 (Rest) 
      

      We need to hide it as in password
      This issue prevent upload logs to MB-40764

      Attachments

        Activity

          People

            thuan Thuan Nguyen
            thuan Thuan Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              PagerDuty