Opened at 2013-05-27T21:59:11Z
Last modified at 2013-05-27T23:57:58Z
#1989 new defect
foolscap: "an inbound callRemote ... failed" log entries include all arguments — at Version 2
| Reported by: | daira | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | undecided |
| Component: | code-network | Version: | 1.10.0 |
| Keywords: | memory confidentiality capleak logging foolscap | Cc: | |
| Launchpad Bug: |
Description (last modified by daira)
For example:
allmydata.storage.backends.cloud.cloud_common.CloudError: ("try 1 failed: PUT object ('shares/oh/ohcac6xn5ot7hxwfcstdeqcf4e/0.16624',) {}", '')
]
03:53:03.778 L23 []#87614 an inbound callRemote that we [n4zt] executed (on behalf of someone else, TubID uzie) failed
03:53:03.778 L10 []#87615 reqID=66831, rref=<allmydata.storage.bucket.BucketWriter object at 0x3bf6b50>, methname=RIBucketWriter.write
03:53:03.792 L10 []#87616 args=[8716681284L, '<VERY long string>']
03:53:03.792 L10 []#87617 kwargs={}
03:53:03.792 L10 []#87618 the LOCAL failure was: [...]
Note that in this case the cloud backend has avoided logging the data that we attempted to write, but foolscap has logged it, causing a temporarily memory leak and resulting in performance problems when argument strings are large.
In other cases, logging the arguments of remote operations may leak secrets into the log (see also #562 and related tickets).
Change History (2)
comment:1 Changed at 2013-05-27T22:00:06Z by daira
- Keywords confidentiality capleak added; secrecy removed
comment:2 Changed at 2013-05-27T22:01:42Z by daira
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
