Re: CredentialCache might leak through Log

2017-08-31 Thread Viktor Somogyi
Hi Rodrigo,

What attacks are possible if this info is exposed?
I think printing the first one on debug is ok since that mode shouldn't be
enabled in production, while it might be very useful while debugging.
For the second one I could agree that we should print a sanitized warn
depending on the log level if the info we expose is a good surface for
attacks.

Regards,
Viktor

On Mon, Aug 21, 2017 at 10:17 PM, Rodrigo Andrade wrote:

> Hi all,
>
> I think Kafka should avoid printing
> SaslServerAuthenticator.credentialCache information through Log. I noticed
> that it might happen at lines 162 and 181 in SaslServerAuthentication. More
> specifically, through these lines:
>
> *LOG.debug("Creating SaslServer for {} with mechanism {}", kerberosName,
> saslMechanism);*
>
> *LOG.warn("Cannot add private credential to subject; clients authentication
> may fail", ex);*
>
> Perhaps sanitizing the information being printed would solve this issue.
>
> Best regards,
> Rodrigo Andrade
>


CredentialCache might leak through Log

2017-08-21 Thread Rodrigo Andrade
Hi all,

I think Kafka should avoid printing
SaslServerAuthenticator.credentialCache information through Log. I noticed
that it might happen at lines 162 and 181 in SaslServerAuthentication. More
specifically, through these lines:

*LOG.debug("Creating SaslServer for {} with mechanism {}", kerberosName,
saslMechanism);*

*LOG.warn("Cannot add private credential to subject; clients authentication
may fail", ex);*

Perhaps sanitizing the information being printed would solve this issue.

Best regards,
Rodrigo Andrade
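The "sanitized warn" Viktor suggests, applied to the LOG.warn(..., ex) call Rodrigo quotes, as an added example that is not Kafka's code. It assumes SLF4J on the classpath (Kafka's own logger facade) and uses a hypothetical key=value redaction pattern; the WARN line carries only the exception type and a scrubbed message, and the stack trace goes out at DEBUG with the same scrubbing applied.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Added example, not Kafka code: warn about a credential failure without echoing the credential. */
public final class SanitizedCredentialLogging {
    private static final Logger LOG = LoggerFactory.getLogger(SanitizedCredentialLogging.class);

    // Hypothetical redaction rule: mask the value of any credential-looking key written as
    // "key=value" or "key: value". Extend the key list for the SASL mechanisms you deploy.
    private static final Pattern SECRET_KV = Pattern.compile(
            "(?i)(password|passwd|secret|credential|token|key)(\\s*[=:]\\s*)([^\\s,;]+)");

    /** Returns the message with credential-looking values replaced by "[REDACTED]". */
    static String redact(String message) {
        if (message == null) return null;
        Matcher m = SECRET_KV.matcher(message);
        return m.replaceAll("$1$2[REDACTED]");
    }

    /**
     * Same warning Kafka emits when a private credential cannot be added to the Subject,
     * but the exception's own text (which may embed the credential) never reaches WARN output.
     */
    static void warnCredentialFailure(Logger log, Throwable ex) {
        log.warn("Cannot add private credential to subject; client authentication may fail ({}: {})",
                 ex.getClass().getSimpleName(), redact(ex.getMessage()));
        if (log.isDebugEnabled()) {
            // Keep the original frames for debugging, but scrub the message before it is printed.
            Throwable scrubbed = new Throwable(redact(String.valueOf(ex)));
            scrubbed.setStackTrace(ex.getStackTrace());
            log.debug("Credential failure detail", scrubbed);
        }
    }

    public static void main(String[] args) {
        // Constructed exception: a cause whose message carries a secret, as a JAAS/SASL failure might.
        Throwable ex = new IllegalStateException("login failed for user=alice password=hunter2");
        warnCredentialFailure(LOG, ex);
        // redact(...) yields: "login failed for user=alice password=[REDACTED]"
        System.out.println(redact(ex.getMessage()));
    }
}
```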