• Anonymize diagnostics is not anonym

    FlamongOle

    By FlamongOle

      • Minor

    I decided to just look through the entire diagnostics file to check if it really is anonymous. 

     

    It is not: if the "mover" logging is enabled, it will write the entire move with path and filename into the syslog and the diagnostic does NOT anonymize this data. 

     

    Quoted from the diagnostic page:

    Quote

    No personal information such as user names, passwords, or any other file contents not specified above is included by Unraid OS; however, your server name, IP address, and user share names will be included.

     

    Yes, it says it will backup the syslog - but I expected it to run through an anonymize filter first.

     

    This is a serious security flaw for the users, not good!

    Go to reports Stable Releases

    User Feedback

    Recommended Comments

    FlamongOle

    There's a reason why I choose to use logging, I want to make sure the Mover worked as intended. And so far we have the option of creating anonymous diagnostic file, then this should be excluded/scrambled as well.

     

    Turning it off does not remove the Mover log entries until you reboot when the syslog is written from scratch again. Not solving the problem unless it was off the entire time (which is default). It still should be fixed.

    Link to comment
    bonienl

    diagnostics does have logic to anonymize mover logging, wondering what is different in your case.

     

    Do you have same examples of log parts which are not anonymized? (if too sensitive please consider a PM to me).

     

     

    Link to comment
    FlamongOle

    In syslog you would find this: 

    Jan  2 21:05:30 Odin emhttpd: req (28): cmdStartMover=Move now&csrf_token=****************
Jan  2 21:05:30 Odin emhttpd: shcmd (2519): /usr/local/sbin/mover |& logger &
Jan  2 21:05:30 Odin root: mover: started
Jan  2 21:05:30 Odin move: move: file /mnt/cache/storage_ole/testfile
Jan  2 21:05:31 Odin root: mover: finished

    File and folder names might reveal things you don't want to be released. And should probably be scrambled regardless of settings (at least after the main share name).

     

    The syslog file is just included in the diagnostic without anonymize this data when the anonymize button is checked.

    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.

    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.