[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Scrub vnc password for vfb



This leads to a question -- should xend.log (and our other log files) be
world readable in the first place?

If we want to change it we may have to hack the logging package a bit, as it
seems that Python's open() function calls fopen() which does not allow you
to manually specify access permissions. Although we could have xend set its
umask to 0770. Maybe that would break other stuff though?

 -- Keir

On 5/2/08 07:47, "Masaki Kanno" <kanno.masaki@xxxxxxxxxxxxxx> wrote:

> Hi,
> 
> I saw the vnc password in xend.log as follows.
> 
> [2008-02-05 10:35:08 6412] DEBUG (DevController:119) DevController:
> writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
> domain/1/device/vfb/0', 'uuid': 'e8e7f9db-e104-7d4a-36bd-d5f09ab34378',
> 'vncpasswd': 'test', 'state': '1', 'online': '1', 'frontend-id': '1',
> 'type': 'vnc'} to /local/domain/0/backend/vfb/1/0.
> 
> This patch scrubs it as follows.
> 
> [2008-02-05 16:23:23 11188] DEBUG (DevController:120) DevController:
> writing {'vncunused': '1', 'domain': 'rhel4VTI', 'frontend': '/local/
> domain/2/device/vfb/0', 'uuid': '53f05d3f-9994-bdd7-2293-d60c22b0568b',
> 'vncpasswd': 'XXXXXXXX', 'state': '1', 'online': '1', 'frontend-id': '2',
> 'type': 'vnc'} to /local/domain/0/backend/vfb/2/0.
> 
> 
> Signed-off-by: Masaki Kanno <kanno.masaki@xxxxxxxxxxxxxx>
> 
> Best regards,
>  Kan
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.