rlm_sql_postgresql: db password appears in plaintext in logs


rlm_sql_postgresql: db password appears in plaintext in logs

L. Rose
Hello everyone,

I'm not sure if this is a bug or a misconfiguration on our site. When
running freeradius -X, the database password of our postgresql database
appears in plaintext on the console:

rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
host='127.0.0.1' port=1337 user='radiususer' password='example'

Of course, the values for dbname, host, port, user and password are not
the real values, but the real values appear in the debug output. I
thought that freeradius -X should not print any confidential
information? Or is this a feature?

Thanks in advance,
L. Rose

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sql_postgresql: db password appears in plaintext in logs

Coy Hile
On 2020-01-07 10:31, L. Rose wrote:

> Hello everyone,
>
> I'm not sure if this is a bug or a misconfiguration on our site. When
> running freeradius -X, the database password of our postgresql
> database appears in plaintext on the console:
>
> rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
> host='127.0.0.1' port=1337 user='radiususer' password='example'
>
> Of course, the values for dbname, host, port, user and password are
> not the real values, but the real values appear in the debug output. I
> thought that freeradius -X should not print any confidential
> information? Or is this a feature?
>

As a user, I'd argue that's a feature, as the first thing one would
debug is that the SQL connection is, in fact, connecting to the expected
database, using the expected credentials.

--
Coy Hile
[hidden email]

Re: rlm_sql_postgresql: db password appears in plaintext in logs

Alan Buxey
In reply to this post by L. Rose
hi,

in full debug mode, everything gets printed - to ensure that reality
and configuration match - i.e. if the DB doesn't connect then maybe some
of the connection parameters are wrong.

in later versions there's a 'minor debug' mode where some passwords are
obfuscated. use that locally if you need to (surely
whoever is running the server in debug can read the config files
anyway?) but use the proper -X when sending debug stuff to the mailing
list

alan

On Tue, 7 Jan 2020 at 15:34, L. Rose <[hidden email]> wrote:

>
> Hello everyone,
>
> I'm not sure if this is a bug or a misconfiguration on our site. When
> running freeradius -X, the database password of our postgresql database
> appears in plaintext on the console:
>
> rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
> host='127.0.0.1' port=1337 user='radiususer' password='example'
>
> Of course, the values for dbname, host, port, user and password are not
> the real values, but the real values appear in the debug output. I
> thought that freeradius -X should not print any confidential
> information? Or is this a feature?
>
> Thanks in advance,
> L. Rose
>

Re: rlm_sql_postgresql: db password appears in plaintext in logs

Alan DeKok-2
In reply to this post by L. Rose
On Jan 7, 2020, at 10:31 AM, L. Rose <[hidden email]> wrote:
> I'm not sure if this is a bug or a misconfiguration on our site. When running freeradius -X, the database password of our postgresql database appears in plaintext on the console:
>
> rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb' host='127.0.0.1' port=1337 user='radiususer' password='example'
>
> Of course, the values for dbname, host, port, user and password are not the real values, but the real values appear in the debug output. I thought that freeradius -X should not print any confidential information?

  The debug output skips *some* confidential information as of 3.0.2.  i.e. Shared secrets for clients, etc.

  But individual modules can still print debugging messages which include confidential information.  i.e. users passwords, connection info, etc.

> Or is this a feature?

  The purpose of debugging is to debug the server.  The more information that's hidden in debug mode, the harder it is to debug the server.

  To be honest, any administrator who can run the server in debug mode has access to the config files, and can read all of the secrets.  So hiding confidential information is largely security theatre.

  Alan DeKok.


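The thread's conclusion is that `-X` output is meant to be complete, and that anyone who can run the server in debug mode can read the config files anyway. The remaining risk is the debug output leaving the box: pasted into a ticket, a chat, or a mailing list. The filter below is an added example (not FreeRADIUS code and not something the posters suggested) that masks only the value of `password=`/`secret=` style key-value pairs in lines such as the `rlm_sql_postgresql: Connecting using parameters:` line quoted above, leaving dbname, host, port and user intact so the output stays useful for debugging the connection. The surrounding sample log lines are constructed for the example; the `<redacted>` marker, the key names matched and the function names are my choices, not anything from the server.

```python
"""Mask password/secret values in FreeRADIUS -X debug output before sharing it.

Added example; not part of FreeRADIUS. Only the value of key=value pairs whose
key ends in password/passwd/secret is replaced, so the rest of the line (dbname,
host, port, user) survives for debugging the connection.
"""
import re
import sys
from typing import Tuple

REDACTED = "<redacted>"   # assumed marker; any fixed token works

# key is any word ending in password/passwd/secret (so db_password, shared_secret
# are covered), followed by '='. The value is single-quoted, double-quoted, or a
# bare token ending at whitespace. Quoted values may contain spaces.
SECRET_KV = re.compile(
    r"""(?P<key>\b\w*(?:password|passwd|secret)\s*=\s*)
        (?:
            '(?P<sq>[^']*)'          # single-quoted value
          | "(?P<dq>[^"]*)"          # double-quoted value
          | (?P<bare>[^\s'"]+)       # unquoted value
        )""",
    re.IGNORECASE | re.VERBOSE,
)


def _mask(m: "re.Match") -> str:
    """Rebuild the match with the same quoting style but a masked value."""
    key = m.group("key")
    if m.group("sq") is not None:
        return f"{key}'{REDACTED}'"
    if m.group("dq") is not None:
        return f'{key}"{REDACTED}"'
    return f"{key}{REDACTED}"


def redact_line(line: str) -> str:
    """Return the line with every password/secret value masked."""
    return SECRET_KV.sub(_mask, line)


def redact_debug(text: str) -> Tuple[str, int]:
    """Redact a whole capture; return (redacted_text, number_of_lines_changed)."""
    out = []
    changed = 0
    for line in text.splitlines(keepends=True):
        new = redact_line(line)
        changed += int(new != line)
        out.append(new)
    return "".join(out), changed


# Constructed sample modelled on the line quoted in the thread. The first and
# last lines are invented context, not real server messages.
SAMPLE_DEBUG = (
    "rlm_sql (sql): opening connection 0 (constructed context line)\n"
    "rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb' "
    "host='127.0.0.1' port=1337 user='radiususer' password='example'\n"
    "rlm_sql (sql): connection 0 ready (constructed context line)\n"
)


if __name__ == "__main__":
    # With no arguments, demonstrate on the sample; with "-", filter stdin,
    # e.g.  freeradius -X 2>&1 | python redact.py - > debug-for-ticket.txt
    source = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_DEBUG
    redacted, count = redact_debug(source)
    sys.stdout.write(redacted)
    sys.stderr.write(f"[{count} line(s) redacted]\n")
```

Because the match is anchored on the key name, a value that happens to look like a password in some other field is not touched, and a quoted value containing spaces is masked whole rather than split at the first space. Run the real `-X` output through this only for the copy you hand out; keep the unredacted capture for your own debugging, in line with Alan Buxey's point that the person running the server can read the config anyway.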