Issue #1871 has been updated by IanTurner. Affected version changed from 0.24.7 to 0.24.6
Tagmail is sending us messages of the form "Mon Jan 12 15:00:25 -0500 2009 //Node[default]/sudoers/File[/usr/site/etc/sudoers]/content (notice): is " followed by the file contents. This is for a file whose contents are generated from templates. Client and server are on the same machine running puppet 0.24.6. ---------------------------------------- Bug #1871: Sensitive information leaked in log reports http://projects.reductivelabs.com/issues/show/1871 Author: IanTurner Status: Needs more information Priority: Normal Assigned to: Category: file Target version: Complexity: Unknown Affected version: 0.24.6 Keywords: security content source logs It seems that at the moment, any files mastered through the "content" tag will sometimes have their contents reported through the various logging domains, either with a diff or with the complete file contents. This does not appear to happen with files mastered through the "source" tag. Since installed files may contain highly sensitive information, such as passwords, it should be possible to disable this behavior, either by a change for all users or through a configuration directive. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
