[PATCH 3/4] ui: deprecate "password" option for SPICE server

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com, "Markus Armbruster" <armbru@redhat.com>,
	"Daniel P. Berrangé" <berrange@redhat.com>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Subject: [PATCH 3/4] ui: deprecate "password" option for SPICE server
Date: Fri, 19 Feb 2021 18:45:55 +0000	[thread overview]
Message-ID: <20210219184556.154972-4-berrange@redhat.com> (raw)
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>

With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/system/deprecated.rst | 8 ++++++++
 qemu-options.hx            | 4 ++++
 ui/spice-core.c            | 4 ++++
 3 files changed, 16 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 2fcac7861e..57ff9f47cc 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -146,6 +146,14 @@ library enabled as a cryptography provider.
 Neither the ``nettle`` library, or the built-in cryptography provider are
 supported on FIPS enabled hosts.
 
+``-spice password=string`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
 QEMU Machine Protocol (QMP) commands
 ------------------------------------
 
diff --git a/qemu-options.hx b/qemu-options.hx
index ff4ef3b708..4833bd59cf 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1926,6 +1926,10 @@ SRST
     ``password=<string>``
         Set the password you need to authenticate.
 
+        This option is deprecated and insecure because it leaves the
+        password visible in the process listing. Use ``password-secret``
+        instead.
+
     ``password-secret=<secret-id>``
         Set the ID of the ``secret`` object containing the password
         you need to authenticate.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 353848b244..5e00e31457 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -685,6 +685,10 @@ static void qemu_spice_init(void)
         }
     } else {
         str = qemu_opt_get(opts, "password");
+        if (str) {
+            warn_report("'password' option is deprecated and insecure, "
+                        "use 'password-secret' instead");
+        }
         password = g_strdup(str);
     }
 
-- 
2.29.2

next prev parent reply	other threads:[~2021-02-19 18:48 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-19 18:45 [PATCH 0/4] ui: add support for 'secret' object to provide VNC/SPICE passwords Daniel P. Berrangé
2021-02-19 18:45 ` [PATCH 1/4] ui: introduce "password-secret" option for VNC servers Daniel P. Berrangé
2021-02-19 18:45 ` [PATCH 2/4] ui: introduce "password-secret" option for SPICE server Daniel P. Berrangé
2021-02-19 18:45 ` Daniel P. Berrangé [this message]
2021-02-19 18:45 ` [PATCH 4/4] ui, monitor: remove deprecated VNC ACL option and HMP commands Daniel P. Berrangé
2021-02-22 10:40   ` Dr. David Alan Gilbert
2021-03-11 10:37 ` [PATCH 0/4] ui: add support for 'secret' object to provide VNC/SPICE passwords Daniel P. Berrangé
2021-03-11 11:13   ` Gerd Hoffmann
2021-03-11 11:20     ` Daniel P. Berrangé

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:2fcac7861 dfblob:57ff9f47c dfblob:ff4ef3b70 dfblob:4833bd59c
dfblob:353848b24 dfblob:5e00e3145 )
 OR (
bs:"[PATCH 3/4] ui: deprecate "
bs:"password"
bs:" option for SPICE server" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210219184556.154972-4-berrange@redhat.com \
    --to=berrange@redhat.com \
    --cc=armbru@redhat.com \
    --cc=dgilbert@redhat.com \
    --cc=kraxel@redhat.com \
    --cc=libvir-list@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).