Bug #41990: mgr/dashboard: hide Python tracebacks in response errors - Dashboard - Ceph

Actions

Copy link

Bug #41990

closed

Feature #47765: mgr/dashboard: security improvements

mgr/dashboard: hide Python tracebacks in response errors

Added by Ernesto Puerta over 4 years ago. Updated about 3 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Ernesto Puerta

Category:

General - Back-end

Target version:

% Done:

Source:

Community (dev)

Tags:

security

Backport:

nautilus

Regression:

Severity:

2 - major

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

30522

Crash signature (v1):

Crash signature (v2):

Description

Currently all errors handled by Cherrypy tools result in Python traceback including sensitive context information (Python version, file locations, packages, etc).

This does not only pose a security risk, but also pollutes logs with traceback lines, which makes it really hard to find where an unexpected traceback happened.

This could be easily fixed by setting Cherrypy environment to production

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr » Dashboard

Custom queries

Bug #41990

mgr/dashboard: hide Python tracebacks in response errors

Updated by Ernesto Puerta over 4 years ago

Updated by Tatjana Dehler over 4 years ago

Updated by Tatjana Dehler over 4 years ago

Updated by Nathan Cutler over 4 years ago

Updated by Nathan Cutler about 4 years ago

Updated by Ernesto Puerta about 4 years ago

Updated by Ernesto Puerta over 3 years ago

Updated by Ernesto Puerta about 3 years ago