
tiup leaks credential through environment printing

Open mzhang77 opened this issue 1 year ago • 1 comments

Bug Report

  1. What did you do? Any tiup cluster command, e.g.
tiup cluster list
  2. What did you expect to see? The command should be safe to run.

  3. What did you see instead? In ~/.tiup/logs/tiup-cluster-debug-2023-12-09-23-45-09.log and ~/.tiup/storage/cluster/audit/XXXX AWS secrets leak through ENV var printing:

 ... "AWS_SECRET_ACCESS_KEY=REDACTED", ...

The same information also leaks into

  4. What version of TiUP are you using (tiup --version)?
tiup --version
1.16.0 tiup
Go Version: go1.21.11
Git Ref: v1.16.0
GitHash: e543145831d44a863366ff8c379d25980730bbd1

mzhang77 avatar Oct 18 '24 02:10 mzhang77

I think the code is here: https://github.com/pingcap/tiup/blob/c1a14a55118b5c2076497cca7d7b28741ad8ab80/components/cluster/command/root.go#L278 and https://github.com/pingcap/tiup/blob/c1a14a55118b5c2076497cca7d7b28741ad8ab80/components/dm/command/root.go#L235. There is nowhere in tiup that the user can set the log level. By default this debug information should not be written to file.

mzhang77 avatar Oct 18 '24 02:10 mzhang77

I think there are two possible solutions:

  1. Redact sensitive info from the environment. However, it would be easy to miss things that might be company specific etc., so an allowlist might be better than a denylist. This does make this less useful for actual debugging.
  2. Don't use debug logging in sensitive environments.

Not sure what solution (or combination of solutions) is best.

dveeden avatar Nov 04 '25 08:11 dveeden
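To make the allowlist-versus-denylist trade-off from the comment above concrete, here is an added example (not tiup's code, and not from either commenter) of the two redaction strategies applied to a constructed environment before it is logged. The function names, the `allowlist` and `denylistPatterns` contents, and the sample variables are assumptions for illustration; the values are fake placeholders, not real credentials.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleEnviron is a constructed stand-in for os.Environ(). Values are fake.
// DB_PASSWD is included to show a company-specific name a denylist misses.
var sampleEnviron = []string{
	"HOME=/home/tidb",
	"PATH=/usr/local/bin:/usr/bin",
	"TIUP_HOME=/home/tidb/.tiup",
	"AWS_SECRET_ACCESS_KEY=EXAMPLEsecretvalue",
	"AWS_ACCESS_KEY_ID=AKIAEXAMPLE",
	"DB_PASSWD=hunter2",
}

// denylistPatterns: substrings of names considered sensitive (assumed list).
var denylistPatterns = []string{"SECRET", "PASSWORD", "TOKEN", "KEY"}

// allowlist: names known to be safe and useful in a debug log (assumed list).
var allowlist = map[string]bool{
	"HOME": true, "PATH": true, "TIUP_HOME": true, "USER": true, "SHELL": true,
}

const redacted = "<redacted>"

// splitEnv splits "NAME=value" at the first '=' so values containing '=' survive intact.
func splitEnv(kv string) (string, string) {
	name, value, _ := strings.Cut(kv, "=")
	return name, value
}

// RedactDenylist hides the value of any variable whose name matches a denylist pattern.
// Anything not matching is logged verbatim, which is the failure mode of a denylist.
func RedactDenylist(environ []string) []string {
	out := make([]string, 0, len(environ))
	for _, kv := range environ {
		name, value := splitEnv(kv)
		upper := strings.ToUpper(name)
		for _, p := range denylistPatterns {
			if strings.Contains(upper, p) {
				value = redacted
				break
			}
		}
		out = append(out, name+"="+value)
	}
	return out
}

// RedactAllowlist logs a value only when the name is explicitly allowlisted;
// every other value is redacted, so unknown secrets cannot leak by omission.
func RedactAllowlist(environ []string) []string {
	out := make([]string, 0, len(environ))
	for _, kv := range environ {
		name, value := splitEnv(kv)
		if !allowlist[name] {
			value = redacted
		}
		out = append(out, name+"="+value)
	}
	return out
}

// Leaks reports non-allowlisted variable names whose original value still
// appears verbatim in the logged output, i.e. what a log review would flag.
func Leaks(original, logged []string) []string {
	leaked := []string{}
	for i, kv := range original {
		name, value := splitEnv(kv)
		if allowlist[name] || value == "" {
			continue
		}
		if _, loggedValue := splitEnv(logged[i]); loggedValue == value {
			leaked = append(leaked, name)
		}
	}
	return leaked
}

func main() {
	fmt.Println("denylist leaks:", Leaks(sampleEnviron, RedactDenylist(sampleEnviron)))
	fmt.Println("allowlist leaks:", Leaks(sampleEnviron, RedactAllowlist(sampleEnviron)))
}
```

Run against the constructed environment, the denylist version still writes `DB_PASSWD=hunter2` to the log because no pattern matches that name, while the allowlist version redacts it. Whichever filter is used, the environment dump belongs only at an explicitly requested debug level rather than in a file written on every command.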