sous-chefs / postgresql

Development repository for the postgresql cookbook

Home Page: https://supermarket.chef.io/cookbooks/postgresql

The user's password is leaked during account creation

hamarituc opened this issue

👻 Brief Description

During creation of a Postgres user the user's password is written to the log. This may be considered inappropriate as it leaks sensitive data.

🥞 Cookbook version

8.3.0

πŸ‘©β€πŸ³ Chef-Infra Version

16.13.16

🎩 Platform details

Debian 10

Steps To Reproduce

Steps to reproduce the behavior:

  1. Run the test cookbook by kitchen converge access-12-debian-10
  2. Check the log. You will find the following.

* postgresql_user[sous_chef] action create
  * execute[create postgresql user sous_chef] action run
    - execute /usr/bin/psql -c "CREATE ROLE \"sous_chef\" WITH SUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOREPLICATION LOGIN PASSWORD '67890'" -U postgres --port 5432

🚓 Expected behavior

The password should not be written to the log. The expected output should look like this.

* postgresql_user[sous_chef] action update
  * execute[Update postgresql user sous_chef to set statement_timeout] action run
    - execute sensitive resource

➕ Additional context

I will provide a patch. Nevertheless it would be favorable to not provide the password via the command line, because there is a residual risk that the password may be leaked via the process list, too. A fix regarding this issue would presumably require a major rework of the postgresql_user resource.
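
To check existing Chef logs for the leak described in this report, the following Ruby code flags every log line that carries a `PASSWORD '...'` literal and returns it redacted, so the affected roles can be rotated. It is an added example, not code from the issue or from the cookbook; the regular expressions, function names and the second sample entry are assumptions made for illustration.

```ruby
# Added example: find and redact role passwords that a Chef run wrote to its log.
# The line format follows the psql invocation quoted in the report above.

# PASSWORD followed by a single-quoted SQL literal; '' is an escaped quote inside it.
PASSWORD_LITERAL = /\bPASSWORD\s+'(?:[^']|'')*'/i
# Role name after CREATE/ALTER ROLE or USER, with optional shell-escaped double quote.
ROLE_NAME = /\b(?:CREATE|ALTER)\s+(?:ROLE|USER)\s+\\?"?([A-Za-z_][\w$]*)/i

# Replace every password literal in a log line with a fixed marker.
def redact_line(line)
  line.gsub(PASSWORD_LITERAL, "PASSWORD '[REDACTED]'")
end

# Return one finding per leaking line: line number, role name, redacted text.
# The password itself is never part of the result.
def find_leaks(log_text)
  log_text.each_line.with_index(1).filter_map do |line, lineno|
    next unless line.match?(PASSWORD_LITERAL)

    role = line[ROLE_NAME, 1] || '(unknown)'
    { line: lineno, role: role, redacted: redact_line(line.chomp) }
  end
end

# Constructed sample log: the first entry is the one quoted in the report; the
# ALTER ROLE entry, its resource names and its password are made up.
SAMPLE_LOG = <<~'LOG'
  * postgresql_user[sous_chef] action create
    * execute[create postgresql user sous_chef] action run
      - execute /usr/bin/psql -c "CREATE ROLE \"sous_chef\" WITH SUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOREPLICATION LOGIN PASSWORD '67890'" -U postgres --port 5432
  * postgresql_user[app] action update
    * execute[update postgresql user app] action run
      - execute /usr/bin/psql -c "ALTER ROLE \"app\" WITH PASSWORD 'it''s-constructed'" -U postgres --port 5432
    * execute[Update postgresql user sous_chef to set statement_timeout] action run
      - execute sensitive resource
LOG

if __FILE__ == $PROGRAM_NAME
  find_leaks(SAMPLE_LOG).each do |f|
    puts "line #{f[:line]}: role #{f[:role]} needs a password rotation"
    puts "  #{f[:redacted]}"
  end
end
```

Redacting the log only covers the first concern in the report; a password passed with `psql -c` is still visible in the process list while the command runs.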