On 2020-02-10 11:57, Josef Reidinger wrote:
> Well, the issue is that we log values for our UI terms (not in libyui, but
> when we construct the values). So if you have e.g. a password for your FTP
> server (let's say ftp://user:[email protected]) and you open the dialog
> that allows editing this source, e.g. the packager if you use it for your
> repos, then you see in the logs something like:
Then the bug is that those terms are logged.
Since that logging is only ever useful when somebody is debugging the
very low-level functions deep down, this should be ifdef'ed out by
default. It's not as if any of us would EVER make use of that level of
logging.
If you want to see the widget tree, you can simply use
UI.DumpWidgetTree(), which does not leak any details that may be
confidential, like passwords; or use the YDialogSpy (Ctrl-Shift-Alt-Y).
But we really shouldn't make life harder for us and for our users by
potentially leaking confidential information and then trying to disguise
that problem by y2log tarball permissions and disclaimers and whatnot.
We need the y2logs for debugging and bug fixing. We need our users to be
able to trust us with that. So we need to take the utmost care to NOT
leak any confidential information. So please let's get rid of such
logging leaks.
The same is true, of course, for places where we dump complete data
structures to the log that may also contain passwords. We may need
special log functions in some places to replace such information with
something neutral like "<password not logged>"; this is also important
to build trust with our users.
Kind regards
--
Stefan Hundhammer <[email protected]>
YaST Developer
SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton; HRB 21284 (AG
Nürnberg)
--
To unsubscribe, e-mail: [email protected]
To contact the owner, e-mail: [email protected]
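Stefan's suggestion of special log functions that replace passwords with something neutral like "<password not logged>", and Josef's example of a credential embedded in an ftp:// URL, both call for a scrubbing step in front of the logger. The Ruby below is an added example written for this page, not YaST's or libyui's code: the LogScrub module, its method names and the sample dialog data are all hypothetical and constructed. It redacts the password half of URL userinfo, password=value pairs, and hash entries whose key names a secret, while leaving usernames and hosts intact so the log still tells you which repository was involved.

```ruby
# Added example (not YaST code): a credential-scrubbing helper of the kind
# suggested in the thread, applied to a value before it is written to the
# log. Module, method and constant names are hypothetical.
module LogScrub
  PLACEHOLDER = "<password not logged>".freeze

  # Hash keys (string or symbol) whose values are never logged verbatim.
  SECRET_KEY = /pass(word|wd|phrase)?|pwd|secret|token/i

  # scheme://user:password@host  ->  scheme://user:<password not logged>@host
  # Only the password half of the userinfo is replaced; the username stays.
  # "host:port/" does not match because the port is followed by "/" not "@".
  URL_USERINFO = %r{([a-z][a-z0-9+.-]*://[^:/@\s]*:)[^@/\s]+@}i

  # password=value pairs in query strings or key=value option lists.
  # Deliberately loose (it also hits "proxy_password="), erring toward
  # over-redaction rather than leaking.
  KV_PASSWORD = /((?:password|passwd|pass|pwd)=)[^&\s"']+/i

  module_function

  # Returns a scrubbed copy of +value+; the original is left untouched.
  # Strings are scrubbed by pattern, hashes additionally by key name,
  # arrays element by element, anything else is passed through.
  def scrub(value)
    case value
    when String
      value.gsub(URL_USERINFO, "\\1#{PLACEHOLDER}@")
           .gsub(KV_PASSWORD, "\\1#{PLACEHOLDER}")
    when Hash
      value.each_with_object({}) do |(k, v), out|
        out[k] = k.to_s.match?(SECRET_KEY) ? PLACEHOLDER : scrub(v)
      end
    when Array
      value.map { |v| scrub(v) }
    else
      value
    end
  end

  # What a log-safe replacement for "dump the whole data structure" emits.
  def inspect_for_log(value)
    scrub(value).inspect
  end

  # Constructed sample: the kind of dialog data a repository editor might
  # hold. Not real YaST data; the credentials are made up.
  SAMPLE_DIALOG_DATA = {
    "name"     => "Local mirror",
    "url"      => "ftp://user:s3cret@ftp.example.com/pub",
    "user"     => "admin",
    "password" => "s3cret",
    :options   => ["proxy_password=x", "timeout=10"]
  }.freeze
end

if $PROGRAM_NAME == __FILE__
  puts LogScrub.inspect_for_log(LogScrub::SAMPLE_DIALOG_DATA)
end
```

Scrubbing happens on a copy, so the live dialog data keeps its real values; only the representation headed for y2log is altered. Hosts, usernames and non-secret options survive, which is what makes a scrubbed log still useful for debugging.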