Shutil print password in log traceback


Following my previous issue Issue backing up OSMC I’ve discovered that user account password is printed in the log file. I’ve replaced the password with “”.

For security reasons password should not be printed anywhere.

Thank you

Which password? SMB password?

If you use the log uploader or grab-logs tool, the logs should be sanitised automatically.



Yes it writes the full smb url with login and clear text password. I guess you can’t do anything about it. But at least you are aware of it if you weren’t.

It writes lines like that one (I’ve removed the password in that example):

2024-06-02 11:44:25.449 T:6228    debug <general>: script.module.osmcsetting.updates[osmc_backups] : Copying /tmp/osmc_backup/OSMCBACKUP_2024_06_02_11_40_49.tar.gz to smb://osmc:<password>@ds.lan/video/OSMCBACKUP_2024_06_02_11_40_49.tar.gz using shutil.copyfile

If your log uploader take it already into account it’s great.

Do not hesitate if you need more information

Still big thanks to you and the team :slight_smile:

kodi does that if you added a path with credentials. This typically (for a number of years now) wouldn’t be an issue as of an update to Kodi where adding a source with credentials automatically split off the credentials to a path substitution in passwords.xml. If you use the file manager in settings and “add source” to this network location this should add the base UNC path in sources.xml and a path substitution in passwords.xml that adds in the credentials when needed. When configured like this you can browse to this location in the My OSMC add-on and the Kodi log will not show your password. Note that sources added to the library sections of Kodi are different than ones added via the file manager so depending on the setting/preference your browsing it will show locations added in one or the other as appropriate.