Hello Carl, thanks for the excellent report.
Please use CVE-2021-3429 for this issue.
Normally I'd say printing passwords to logs is a mistake but I can see how we got here. Probably we should make this configurable.
I think we should also change the permissions to match the systemd journal files.
On my 20.04 laptop, files in /var/log/journal/*/ are readable by group systemd-journal and group adm. adm is allowed to read many log files on Debian and derivatives, though normally passwords aren't included in logs.
Thanks