[pbs-devel] [PATCH v4 proxmox{, -backup} 0/2] close #4763: client: added command to forget backup group
Gabriel Goller
g.goller at proxmox.com
Thu Apr 18 13:49:47 CEST 2024
On Thu Apr 18, 2024 at 12:24 PM CEST, Christian Ebner wrote:
> >> When one tries to delete a non existing group, the dialog asks me for
> >> confirmation, failing however afterwards with an error message, leaking
> >> also the datastore path to the client. While the former is not an issue
> >> and the intention is to be able to remove empty groups, the latter is
> >> not okay in my opinion.
> >> So either check if the group even exists before asking for confirmation,
> >> or map the error to not leak the datastore path.
> >
> > The thing is that we don't differentiate between an empty group or a
> > nonexistent group — at least when using the api. This means that even
> > the list-groups api call will **not** return a group if it doesn't contain
> > any snapshots, but deleting it will succeed (because it still exists) >
> > What we can do is obviously ignore the error message and simply return a
> > generic "failed to remove group" or "group not found" to avoid leaking
> > stuff. Although debugging a issue will be much harder with these vague
> > error messages.
> >
> > IMO leaking the datastore is not a big issue, as the client can also
> > list task logs and the datastore path is going to be visible in there as
> > well.
>
> It is not a big issue, agreed, but nevertheless an information leak. But
> you are right, the task log does contain that information as well, so
> there is at least no additional information here. Given that, this is
> fine I guess.
As this particular error (group not found) is very common, I added a
branch that matches this error and rephrases it without the datastore
path.
Submitted a new version!
More information about the pbs-devel
mailing list