From a283e832dabd35d9f6e6aace0525ecf4f6372b57 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 22 Jun 2025 16:44:02 +0100 Subject: [PATCH] homed: do not log new password when debug logs are enabled systemd-homed[3443]: Sending to worker: { "enforcePasswordPolicy": false, "userName": "foobarbaz", "perMachine": [ { "storage": "directory", "matchMachineId": "c1082742b92c4f7e8d30d6b17f9d3351" } ], "disposition": "regular", "lastChangeUSec": 1750606709833174, "lastPasswordChangeUSec": 1750606709833174, "privileged": { "hashedPassword": [ "$y$j9T$ai2Fshq0ev9W05WL4SoRJ1$EFfe41ACrJKXMCQ83A05n6UW.HrRr9/O4b1x0CXgAXD" ] }, "binding": { "c1082742b92c4f7e8d30d6b17f9d3351": { "blobDirectory": "/var/cache/systemd/home/foobarbaz", "uid": 60056, "gid": 60056 } }, "secret": { "password": [ "test" ] }, "__systemd_homework_internal_blob_fdmap": {} } (cherry picked from commit e248790263b63822cdffa399b593a272d7abddc8) --- src/home/homed-home.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/home/homed-home.c b/src/home/homed-home.c index 32691e4f815..9cefef610ec 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -1270,7 +1270,16 @@ static int home_start_work( if (stdin_fd < 0) return stdin_fd; - log_debug("Sending to worker: %s", formatted); + if (DEBUG_LOGGING) { + _cleanup_(erase_and_freep) char *censored_text = NULL; + + /* Suppress sensitive fields in the debug output */ + r = sd_json_variant_format(v, /* flags= */ SD_JSON_FORMAT_CENSOR_SENSITIVE, &censored_text); + if (r < 0) + return r; + + log_debug("Sending to worker: %s", censored_text); + } stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL); if (stdout_fd < 0) -- 2.47.3