[ 
https://issues.apache.org/jira/browse/IMPALA-8127?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tim Armstrong resolved IMPALA-8127.
-----------------------------------
    Resolution: Invalid

Not an issue with Apache Impala.

> AWS security token leaked to build log
> --------------------------------------
>
>                 Key: IMPALA-8127
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8127
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Infrastructure
>    Affects Versions: Impala 3.1.0
>            Reporter: Paul Rogers
>            Assignee: Janaki Lahorani
>            Priority: Blocker
>              Labels: security-issue
>             Fix For: Impala 3.1.0
>
>
> The build for "asf-master-core-asan" failed due to IMPALA-8128. The log tried 
> to then upload core files to AWS. In doing so, the (presumably temporary) AWS 
> tokens were leaked into the build log:
> {noformat}
> 20:42:08 2019-01-25 20:42:08,728 - boto - DEBUG - StringToSign:
> 20:42:08 HEAD
> 20:42:08 Sat, 26 Jan 2019 04:42:08 GMT
> 20:42:08 x-amz-security-token:FQ...4gU=
> 20:42:08 /impala-coredump-archive/
> 20:42:08 2019-01-25 20:42:08,729 - boto - DEBUG - Signature:
> 20:42:08 AWS ASIA...g=
> 20:42:08 2019-01-25 20:42:08,729 - boto - DEBUG - Final headers: {'Date': 
> 'Sat, 26 Jan 2019 04:42:08 GMT', 'Content-Length': '0', 'Authorization': 
> u'AWS ASIAV...8ev4gU=', 'User-Agent': 'Boto/2.48.0 Python/2.7.5 
> Linux/3.10.0-693.5.2.el7.x86_64'}
> 20:42:08 2019-01-25 20:42:08,800 - boto - DEBUG - Response headers: 
> [('x-amz-bucket-region', 'us-west-2'), ('x-amz-id-2', 'MXD...U='), ('server', 
> 'AmazonS3'), ('transfer-encoding', 'chunked'), ('x-amz-request-id', 
> 'FB38CC160531DCFF'), ('date', 'Sat, 26 Jan 2019 04:42:09 GMT'), 
> ('content-type', 'application/xml')]
> {noformat}
> Even if these tokens are somehow benign (are expired by the time someone 
> reads them), the "optics" are bad: security tokens should be secure; they 
> should not be dumped to logs.
> As a workaround, if the team feels they do need the tokens, elide the tokens 
> as done in the text above. Provide enough characters to verify that the token 
> is the one expected, but leave off most of the text. Not ideal, but better 
> than exposing the entire token.
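The quoted description shows boto 2 DEBUG output writing the full `x-amz-security-token` value and the `Authorization` header (access key and signature) into a CI build log, and proposes eliding such values to a few leading and trailing characters. The following is an added example, not code from the Impala project or from the report: a Python `logging.Filter` that applies that elision to boto-style log records before a handler writes them. The sample log lines, access key and token values are constructed to mirror the shape of the log above, and the function and class names are this example's own.

```python
"""Redacting log filter for boto-style DEBUG output.

Added example (not part of Apache Impala or the JIRA report). It elides
AWS security tokens and "AWS <access-key>:<signature>" values the way the
report suggests: keep a few characters at each end, drop the middle.
"""
import io
import logging
import re

# The two places the report's log shows credentials:
#  - the StringToSign block:            x-amz-security-token:<token>
#  - the Signature / Authorization value: AWS <access-key>:<signature>
# Both patterns target the boto 2 (signature v2) format seen in the log.
_TOKEN_RE = re.compile(r"(x-amz-security-token:)([A-Za-z0-9+/=]+)")
_AUTHZ_RE = re.compile(r"(\bAWS )([A-Z0-9]{16,24}:[A-Za-z0-9+/=]+)")

# Constructed sample lines modelled on the report's log; the key and token
# values are made up and are not real credentials.
SAMPLE_LINES = [
    "20:42:08 x-amz-security-token:FQoGZXIvYXdzEBYaDEXAMPLETOKEN0123456789abcdefgh4gU=",
    "20:42:08 AWS ASIACONSTRUCTED0000:dGhpcyBpcyBhIGNvbnN0cnVjdGVkIHNpZ25hdHVyZQ==",
    "20:42:08 ... 'Authorization': u'AWS ASIACONSTRUCTED0000:"
    "dGhpcyBpcyBhIGNvbnN0cnVjdGVkIHNpZ25hdHVyZQ==', 'User-Agent': 'Boto/2.48.0'",
    "20:42:08 2019-01-25 20:42:08,800 - boto - DEBUG - Response headers: "
    "[('x-amz-bucket-region', 'us-west-2')]",
]


def elide(secret: str, keep: int = 4) -> str:
    """Keep the first and last `keep` characters of a secret, replace the rest with '...'.

    A short secret (no longer than 2*keep) is fully masked, since showing
    both ends of a short string would reveal most of it.
    """
    if len(secret) <= 2 * keep:
        return "..."
    return f"{secret[:keep]}...{secret[-keep:]}"


def redact_line(line: str, keep: int = 4) -> str:
    """Return `line` with security tokens and AWS key:signature values elided."""
    line = _TOKEN_RE.sub(lambda m: m.group(1) + elide(m.group(2), keep), line)
    line = _AUTHZ_RE.sub(lambda m: m.group(1) + elide(m.group(2), keep), line)
    return line


class RedactingFilter(logging.Filter):
    """Rewrite each record's message before the handler formats it.

    Attached to a handler (not a logger) so it also sees records that
    propagate up from the 'boto' logger and its children.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_line(record.getMessage())
        record.args = None  # message is already fully formatted
        return True


def demo(lines=SAMPLE_LINES) -> str:
    """Log the sample lines through the filter and return what a handler would write."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(RedactingFilter())

    logger = logging.getLogger("boto.redaction-demo")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers.clear()
    logger.addHandler(handler)

    for line in lines:
        logger.debug(line)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

In a build job the filter would be added to whatever handler the root or `boto` logger writes the console through, which is why `RedactingFilter` is attached to the handler rather than the logger: filters on an ancestor logger do not apply to records propagated from child loggers, but handler filters do. The filter is defence in depth only; the primary fix is not running the upload at DEBUG level, since boto's `StringToSign`/`Final headers` output exists to print exactly these values.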



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
