From: Kevin Wolf <kwolf@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: kraxel@redhat.com, stefanha@redhat.com,
Markus Armbruster <armbru@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img
Date: Wed, 11 Mar 2015 11:10:16 +0100 [thread overview]
Message-ID: <20150311101016.GA6628@noname.str.redhat.com> (raw)
In-Reply-To: <20150311095926.GC22609@redhat.com>
Am 11.03.2015 um 10:59 hat Daniel P. Berrange geschrieben:
> On Wed, Mar 11, 2015 at 09:55:16AM +0100, Markus Armbruster wrote:
> > "Daniel P. Berrange" <berrange@redhat.com> writes:
> > > FWIW, I could see an improved interaction scheme working as follows
> > >
> > > First, introduce a new monitor command for setting named passwords,
> > >
> > > add_key mykey1 SECRETDATA
> > >
> > > Now, extend the blockdev_add so that you can provide key names
> > > by adding
> > >
> > > 'keyname': 'mykey1'
> > >
> > > as a parameter in the json args.
> >
> > Can you explain why that's better than sticking 'key': SECRETDATA right
> > into blockdev-add's arguments?
>
> Just have a small preference to keep passwords separated from the
> rest of the data, so when logging the stuff for debug purposes we
> don't compromise people's passwords quite so readily.
Indeed, it would be very easy for a password to end up in error
messages, or in json: "filenames" that might be used in query-block
replies or in a backing file path. BDS options should be considered
more or less public.
> It is more
> straightforward for us to mask out the passwords if we can just
> match on the command name, and not have to try to grok the specific
> field in a large set of args. Also in terms of cold startup, it
> is not desirable to have the password directly included in the
> args to -drive or equiv, as that's visible in process listings.
Right, that too.
Kevin
next prev parent reply other threads:[~2015-03-11 10:10 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-10 17:26 [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img Markus Armbruster
2015-03-10 17:26 ` [Qemu-devel] [PATCH RFC 1/2] block: Limit opening of " Markus Armbruster
2015-03-10 18:15 ` Daniel P. Berrange
2015-03-11 8:57 ` Markus Armbruster
2015-03-10 18:21 ` Eric Blake
2015-03-11 10:14 ` Kevin Wolf
2015-03-11 11:59 ` Markus Armbruster
2015-03-11 12:22 ` Kevin Wolf
2015-03-10 17:26 ` [Qemu-devel] [PATCH RFC 2/2] block: Drop code supporting encryption outside qemu-img Markus Armbruster
2015-03-10 18:25 ` Eric Blake
2015-03-10 18:13 ` [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img Daniel P. Berrange
2015-03-11 8:55 ` Markus Armbruster
2015-03-11 9:59 ` Daniel P. Berrange
2015-03-11 10:10 ` Kevin Wolf [this message]
2015-03-11 12:05 ` Markus Armbruster
2015-03-12 16:58 ` Paolo Bonzini
2015-03-13 8:26 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150311101016.GA6628@noname.str.redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.