On 2020-02-10 11:57, Josef Reidinger wrote:
Well, the issue is that we log values for our UI terms (not in libyui, but when we construct values). So if you have e.g. a password for your ftp server (let's say ftp://user:password@myftp.com) and you open a dialog that allows editing this source, e.g. packager if you use it for your repos, then you see in the logs something like:
Then the bug is that those terms are logged.
Since that logging is only ever useful when somebody is debugging the
very low-level functions deep down, this should be ifdef'ed out by
default. It's not as if any of us would EVER make use of that level of
logging.
If you want to see the widget tree, you can simply use
UI.DumpWidgetTree() which does not leak any details that may be
confidential like passwords; or use the YDialogSpy (Ctrl-Shift-Alt-Y).
But we really shouldn't make life harder for us and for our users by
potentially leaking confidential information and then trying to disguise
that problem by y2log tarball permissions and disclaimers and whatnot.
We need the y2logs for debugging and bug fixing. We need our users to be
able to trust us with that. So we need to take the utmost care to NOT
leak any confidential information. So please let's get rid of such
logging leaks.
The same is true, of course, for places where we dump complete data
structures to the log that may also contain passwords. We may need
special log functions in some places to replace such information with
something neutral like "<password not logged>"; this is also important
to build trust with our users.
Kind regards
--
Stefan Hundhammer
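The "special log functions" suggested above, as an added example in Ruby that is not YaST's own code: the placeholder text and the ftp URL shape come from the mail, while the list of secret-looking keys and the function names are assumptions.

```ruby
# Placeholder that replaces a secret before it reaches the log (wording from the mail).
REDACTED = "<password not logged>"

# Assumed list of keys whose values are treated as secrets when a Hash is dumped.
SECRET_KEYS = %w[password passwd pass secret token].freeze

# Replace the password part of any URL-like value, e.g.
# "ftp://user:password@myftp.com" -> "ftp://user:<password not logged>@myftp.com".
# A "host:port/path" without "@" is left untouched.
def redact_url(str)
  str.gsub(%r{([a-z][a-z0-9+.-]*://[^:/@\s]+:)([^@\s]*)(@)}i) do
    "#{$1}#{REDACTED}#{$3}"
  end
end

# Walk a nested Hash/Array (as would be dumped to y2log) and redact both
# values stored under secret-looking keys and passwords embedded in URLs.
def redact(value)
  case value
  when Hash
    value.each_with_object({}) do |(key, val), out|
      out[key] = SECRET_KEYS.include?(key.to_s.downcase) ? REDACTED : redact(val)
    end
  when Array
    value.map { |val| redact(val) }
  when String
    redact_url(value)
  else
    value
  end
end

# Use this instead of logging the raw structure: only the redacted copy is formatted.
def safe_log_line(label, value)
  "#{label}: #{redact(value).inspect}"
end
```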