Opened 12 years ago

#205 new defect

"an inbound callRemote ... failed" log entries include all arguments of the failed call

Reported by: davidsarah
Owned by:
Priority: major
Milestone: undecided
Component: logging
Version: 0.6.4
Keywords: memory confidentiality
Cc:

Description

This can cause performance problems and also leak secrets. An example of the former from Tahoe-LAFS:

allmydata.storage.backends.cloud.cloud_common.CloudError: ("try 1 failed: PUT object ('shares/oh/ohcac6xn5ot7hxwfcstdeqcf4e/0.16624',) {}", '')
]
03:53:03.778 L23 []#87614 an inbound callRemote that we [n4zt] executed (on behalf of someone else, TubID uzie) failed
03:53:03.778 L10 []#87615  reqID=66831, rref=<allmydata.storage.bucket.BucketWriter object at 0x3bf6b50>, methname=RIBucketWriter.write
03:53:03.792 L10 []#87616  args=[8716681284L, '<VERY long string>']
03:53:03.792 L10 []#87617  kwargs={}
03:53:03.792 L10 []#87618  the LOCAL failure was: [...]

Note that in this case the Tahoe-LAFS code has avoided including the data that we attempted to write in the exception message (for CloudError), but foolscap has logged it, causing a temporary memory leak, and possibly resulting in performance problems when argument strings are large. In other cases, logging the arguments of remote operations may leak secrets into the log.
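
One way to bound what such a log entry records, as an added example (not foolscap or Tahoe-LAFS code; `summarize`, `summarize_call` and the limits are hypothetical): each argument is described by type and size instead of by value, so neither large payloads nor secrets reach the log. The sample call is constructed to mirror the log excerpt above.

```python
import itertools

# Added example, not foolscap code; all names here are hypothetical.
MAX_ITEMS = 8   # container elements described per level
MAX_DEPTH = 3   # nesting levels described before giving up


def _bounded(parts, total):
    """Join already-summarized parts, marking elided elements."""
    return ", ".join(parts) + (", ..." if total > MAX_ITEMS else "")


def summarize(value, depth=0):
    """Describe one argument by type and size, never by content."""
    if value is None or isinstance(value, (bool, float)):
        return repr(value)
    if isinstance(value, int):
        # Small ints (offsets, sizes) help debugging; huge ones may be key material.
        bits = value.bit_length()
        return repr(value) if bits <= 64 else "<int bits=%d>" % bits
    if isinstance(value, (str, bytes, bytearray, memoryview)):
        return "<%s len=%d>" % (type(value).__name__, len(value))
    name = type(value).__name__
    if depth >= MAX_DEPTH:
        return "<%s ...>" % name
    if isinstance(value, dict):
        head = itertools.islice(value.items(), MAX_ITEMS)
        parts = ["%s: %s" % (summarize(k, depth + 1), summarize(v, depth + 1))
                 for k, v in head]
        return "{%s}" % _bounded(parts, len(value))
    if isinstance(value, (list, tuple, set, frozenset)):
        head = itertools.islice(value, MAX_ITEMS)
        parts = [summarize(v, depth + 1) for v in head]
        return "%s[%s]" % (name, _bounded(parts, len(value)))
    return "<%s>" % name  # arbitrary objects: repr() could be large or revealing


def summarize_call(args, kwargs):
    """Build the args/kwargs fields for a failed-call log entry."""
    names = sorted(kwargs)[:MAX_ITEMS]  # parameter names are kept, values are not
    parts = ["%s=%s" % (k, summarize(kwargs[k], 1)) for k in names]
    return {"args": summarize(list(args)),
            "kwargs": "{%s}" % _bounded(parts, len(kwargs))}


# Constructed sample mirroring the RIBucketWriter.write call in the log excerpt.
if __name__ == "__main__":
    print(summarize_call([8716681284, "A" * 1000000], {}))
```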
