Details
- Bug
- Resolution: Fixed
- Critical
- 6.6.0
- Both Windows and Linux
- Untriaged
- 1
- No
Description
What's the issue?
There are a couple of places where 'cbbackupmgr' may implicitly scrape sensitive information where it shouldn't. For example:
1) 'cbbackupmgr' logs the S3 access keys at the beginning of running a sub-command (6.6.x+ only)
2) Some of the (platform-specific) commands run when collecting system information may collect the command line arguments of other processes on the system.
Steps to reproduce #1
1) Install Couchbase Server 6.6.0-7897 on a Windows Server 2016
2) Run backup to S3.
3) Run collect-logs in S3 using cbbackupmgr; the logs are collected OK, but they display all S3 credentials in raw text.
-c localhost -u <ud>Administrator</ud> -p ******** -r backup -a s3://bkrepo --obj-access-key-id AKIAJP --obj-secret-access-key xzsNfaTXZWBf --obj-staging-dir /root/bk-staging --obj-region us-west-2
2020-08-04T22:48:59.413+00:00 (Cmd) mounted archive with id: 2b4c1837-86c1-4275-8934-9d138b2f7709
2020-08-04T22:48:59.415+00:00 (Rest) GET http://localhost:8091/pools 200
2020-08-04T22:48:59.419+00:00 (Rest) GET http://localhost:8091/pools/default 200
2020-08-04T22:48:59.424+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200
2020-08-04T22:48:59.468+00:00 (Rest) GET http://localhost:8091/pools/default/buckets 200
2020-08-04T22:48:59.473+00:00 (Rest) GET http://localhost:8091/pools/default/buckets/travel-sample 200
2020-08-04T22:48:59.475+00:00 (Rest) GET http://localhost:8091/pools 200
2020-08-04T22:48:59.475+00:00 (Cmd) Backing up cluster 759547ebd21e733e4173ad953bb0b196
2020-08-04T22:48:59.476+00:00 (Stats) Starting stat gathering - stat timestamp: 1596581339
2020-08-04T22:48:59.476+00:00 (Plan) Transferring cluster configuration
2020-08-04T22:48:59.477+00:00 (Rest)
We need to hide it, as is done for the password.
This issue prevents uploading logs to MB-40764
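
One way to mask credential-bearing arguments before a command line is written to a log, as an added example that is not cbbackupmgr's own code. The function name `RedactArgs`, the `sensitiveFlags` set and the sample values are assumptions; the flag names are the ones shown in the log line above.

```go
package main

import (
	"fmt"
	"strings"
)

// sensitiveFlags lists flags whose values must never reach a log file.
// The names come from the command line in this report; the set itself is an
// assumption and must cover every credential-bearing flag the tool accepts.
var sensitiveFlags = map[string]bool{
	"-p":                      true,
	"--obj-access-key-id":     true,
	"--obj-secret-access-key": true,
}

const mask = "********"

// RedactArgs returns a copy of args that is safe to log. It handles both
// "--flag value" and "--flag=value" and never modifies the caller's slice.
func RedactArgs(args []string) []string {
	out := make([]string, 0, len(args))
	for i := 0; i < len(args); i++ {
		arg := args[i]
		// "--flag=value" form: keep the flag name, replace the value.
		if eq := strings.IndexByte(arg, '='); eq > 0 && sensitiveFlags[arg[:eq]] {
			out = append(out, arg[:eq]+"="+mask)
			continue
		}
		out = append(out, arg)
		// "--flag value" form: the next element is the secret, so skip it.
		if sensitiveFlags[arg] && i+1 < len(args) {
			out = append(out, mask)
			i++
		}
	}
	return out
}

func main() {
	// Constructed sample arguments; the credential values are placeholders.
	args := []string{"backup", "-c", "localhost", "-u", "Administrator",
		"-p", "EXAMPLE-PASSWORD", "--obj-access-key-id", "EXAMPLE-KEY-ID",
		"--obj-secret-access-key=EXAMPLE-SECRET", "--obj-region", "us-west-2"}
	fmt.Println(strings.Join(RedactArgs(args), " "))
}
```

Redacting on a copy keeps the real values available to the code that needs them while only the masked slice is passed to the logger.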