From: Kevin Wolf <kwolf@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: kraxel@redhat.com, stefanha@redhat.com,
Markus Armbruster <armbru@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img
Date: Wed, 11 Mar 2015 11:10:16 +0100 [thread overview]
Message-ID: <20150311101016.GA6628@noname.str.redhat.com> (raw)
In-Reply-To: <20150311095926.GC22609@redhat.com>
Am 11.03.2015 um 10:59 hat Daniel P. Berrange geschrieben:
> On Wed, Mar 11, 2015 at 09:55:16AM +0100, Markus Armbruster wrote:
> > "Daniel P. Berrange" <berrange@redhat.com> writes:
> > > FWIW, I could see an improved interaction scheme working as follows
> > >
> > > First, introduce a new monitor command for setting named passwords,
> > >
> > > add_key mykey1 SECRETDATA
> > >
> > > Now, extend the blockdev_add so that you can provide key names
> > > by adding
> > >
> > > 'keyname': 'mykey1'
> > >
> > > as a parameter in the json args.
> >
> > Can you explain why that's better than sticking 'key': SECRETDATA right
> > into blockdev-add's arguments?
>
> Just have a small preference to keep passwords separated from the
> rest of the data, so when logging the stuff for debug purposes we
> don't compromise people's passwords quite so readily.
Indeed, it would be very easy for a password to end up in error
messages, or in json: "filenames" that might be used in query-block
replies or in a backing file path. BDS options should be considered
more or less public.
> It is more
> straightforward for us to mask out the passwords if we can just
> match on the command name, and not have to try to grok the specific
> field in a large set of args. Also in terms of cold startup, it
> is not desirable to have the password directly included in the
> args to -drive or equiv, as that's visible in process listings.
Right, that too.
Kevin
next prev parent reply other threads:[~2015-03-11 10:10 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-10 17:26 [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img Markus Armbruster
2015-03-10 17:26 ` [Qemu-devel] [PATCH RFC 1/2] block: Limit opening of " Markus Armbruster
2015-03-10 18:15 ` Daniel P. Berrange
2015-03-11 8:57 ` Markus Armbruster
2015-03-10 18:21 ` Eric Blake
2015-03-11 10:14 ` Kevin Wolf
2015-03-11 11:59 ` Markus Armbruster
2015-03-11 12:22 ` Kevin Wolf
2015-03-10 17:26 ` [Qemu-devel] [PATCH RFC 2/2] block: Drop code supporting encryption outside qemu-img Markus Armbruster
2015-03-10 18:25 ` Eric Blake
2015-03-10 18:13 ` [Qemu-devel] [PATCH RFC 0/2] Limit support for encrypted images to qemu-img Daniel P. Berrange
2015-03-11 8:55 ` Markus Armbruster
2015-03-11 9:59 ` Daniel P. Berrange
2015-03-11 10:10 ` Kevin Wolf [this message]
2015-03-11 12:05 ` Markus Armbruster
2015-03-12 16:58 ` Paolo Bonzini
2015-03-13 8:26 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150311101016.GA6628@noname.str.redhat.com \
--to=kwolf@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).