Details
Bug
Blocker
Description
Check the CVE entry for a description:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
I took a stab at optionally encrypting snapshots and txn logs at rest in ZOOKEEPER-1688. The patch on that issue worked with 3.4 in the lab. I would say it's at the 'discussion starter' phase.
Thanks for pointing it out, Andrew Purtell. It sounds like a great feature to have. We might still want to try a fix without full encryption, though.
I asked for more details on the original bug and got an email from Red Hat Security Response Team.
https://bugzilla.redhat.com/show_bug.cgi?id=1067265
The original bug is not about ACL password. Some applications use ZooKeeper to store their passwords (like in a znode "/my/password"), and the transaction log files are not encrypted, so if you have read permission, you can see the password stored in the znode. Their fix is to encrypt the password before storing it in ZooKeeper.
That's pretty weird... So if someone stores their social security number or credit card number then we should request a CVE entry is created?
Putting the reason behind the report aside, it sounds like a good idea not to store the password hash as is. Andrew Purtell's solution is definitely an option, but it seems to be more appropriate if you're concerned about sensitive data being exposed. If all you're trying to do is to avoid having passwords exposed, then perhaps that's overkill and we could simply find a way to avoid having it in the logs.
In any case, I'm just trying to figure out what our story is, and we should recommend to anyone concerned about it. What do you think?
Yes, it is pretty weird. I guess we can set the expectation by documenting that transaction logs and snapshots are not encrypted, and it is the user's responsibility to secure these files. I am -0 on ZOOKEEPER-1688. I don't think we should be dealing with on-disk encryption ourselves. The user can easily manage on-disk encryption outside of ZooKeeper.
Added a note to the administrator page. Could anyone have a look and see if this is ok?
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12667492/ZOOKEEPER-1917.patch
against trunk revision 1621313.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2320//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2320//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2320//console
This message is automatically generated.
+1 I'll check this in.
FAILURE: Integrated in ZooKeeper-trunk #2453 (See https://builds.apache.org/job/ZooKeeper-trunk/2453/)
ZOOKEEPER-1917 Apache Zookeeper logs cleartext admin passwords (fpj via michim) (michim: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1628123)
- /zookeeper/trunk/CHANGES.txt
- /zookeeper/trunk/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
It looks like this patch broke the build. Sorry I should have verified the patch locally before checking in...
https://builds.apache.org/view/S-Z/view/ZooKeeper/job/ZooKeeper-trunk/2453/console
[exec] validate-xdocs:
[exec] /home/jenkins/jenkins-slave/workspace/ZooKeeper-trunk/trunk/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml:1687:15: The content of element type "section" must match "(sectioninfo?,(title,subtitle?,titleabbrev?),(((itemizedlist|orderedlist|variablelist|note|literallayout|programlisting|para|blockquote|mediaobject|informaltable|example|figure|table|sidebar|abstract|authorblurb|epigraph),section*)|section))".
[exec]
[exec] BUILD FAILED
[exec] /home/jenkins/tools/forrest/latest/main/targets/validate.xml:135: /home/jenkins/jenkins-slave/workspace/ZooKeeper-trunk/trunk/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml is not a valid XML document.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12671992/ZOOKEEPER-1917.patch
against trunk revision 1628224.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2358//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2358//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2358//console
This message is automatically generated.
I don't believe we should say "(which is fairly uncommon)" given we don't really know. It's up to users what they put into zk, uncommon or common.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12671992/ZOOKEEPER-1917.patch
against trunk revision 1630026.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
-1 release audit. The applied patch generated 2 release audit warnings (more than the trunk's current 0 warnings).
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2385//testReport/
Release audit warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2385//artifact/trunk/patchprocess/patchReleaseAuditProblems.txt
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2385//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2385//console
This message is automatically generated.
Addressed Pat's comment.
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12674453/ZOOKEEPER-1917.patch
against trunk revision 1630026.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings.
-1 release audit. The applied patch generated 2 release audit warnings (more than the trunk's current 0 warnings).
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2388//testReport/
Release audit warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2388//artifact/trunk/patchprocess/patchReleaseAuditProblems.txt
Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2388//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/2388//console
This message is automatically generated.
Thanks Michi Mutsuzaki, committed the changes.
Committed to trunk : http://svn.apache.org/viewvc?view=revision&revision=1631277
Committed to br3.4 : http://svn.apache.org/viewvc?view=revision&revision=1631279
Committed to br3.5 : http://svn.apache.org/viewvc?view=revision&revision=1631278
SUCCESS: Integrated in ZooKeeper-trunk #2468 (See https://builds.apache.org/job/ZooKeeper-trunk/2468/)
ZOOKEEPER-1917 Apache Zookeeper logs cleartext admin passwords (michim via rakeshr) (rakeshr: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1631277)
- /zookeeper/trunk/src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml
This is what I get when using this setAcl command with the cli:
First, what goes into the transaction log and I extract with logformatter:
23/04/14 11:28:26 BST session 0x1458e0f5a130001 cxid 0xd zxid 0x1f setACL '/test-acl,v{s{31,s{'digest,'super:/qrRr7/v21dMo0iDVdd2lttJEyw=}}},1I also get this log message, but the encoding seems to be incorrect: