URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
jhrozek commented:
"""
* master: f8025ae01699b5221079a4ee2c6111c514642ce4
"""
See the full comment at
https://github.com/SSSD/sssd/pull/585#issuecomment-395765273
URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
jhrozek commented:
"""
Ack. If someone can set an environment variable in SSSD there are more harmful
things they can do than logging a TGT value into a file only readable by root.
"""
See the full comment
URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
fidencio commented:
"""
I have updated the patch with a stopgap fix.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/585#issuecomment-394688792
___
URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
jhrozek commented:
"""
btw since we are trying to get a release out of the door, maybe a stopgap fix
could be to just put some #ifdefs around the tcurl print function and then see
if we can log the sanitized
URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
jhrozek commented:
"""
Thank you for working on the issue. The patch works, but I have some
suggestions how to improve the code.
First, the code is quite expensive. At the very least, it should only ever be
URL: https://github.com/SSSD/sssd/pull/585
Title: #585: tcurl: do not log the payload
fidencio commented:
"""
CI: http://vm-031.${abc}logs/job/89/61/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/585#issuecomment-393429297