Disable logger for low privilege users in script sandbox [Updated in Security Center 1.3]

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Manage Glide System's ability to log scripts being executed in the sandbox environment.

    Use the glide.security.sandbox_no_logging property to control Glide System's ability to log scripts being executed in the sandbox environment. If glide.security.sandbox_no_logging is set to false, logging is available for lower-privileged users using sandboxed scripts. This is a potential security vulnerability because low privileged users can inject logs allowing a bad actor to potentially obfuscate an attack. Configure the property to true to prevent lower-privileged users that are using a sandboxed script from having logging functionality.

    More information

    Attribute Description
    Configuration name glide.security.sandbox_no_logging
    Configuration type System Properties (/sys_properties_list.do)
    Data type boolean
    Recommended value true
    Default value true
    Category Error handling and logging
    Security risk
    • Severity score: 2.2
    • CVSS score: Low
    • Security risk details: Setting this property to false enables logging for lower-privileged users which could allow a bad actor to obfuscate an attack.
    Dependencies and prerequisites None