From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: libvir-list@redhat.com,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>
Subject: [PATCH v2 3/3] ui: deprecate "password" option for SPICE server
Date: Thu, 11 Mar 2021 11:43:43 +0000 [thread overview]
Message-ID: <20210311114343.439820-4-berrange@redhat.com> (raw)
In-Reply-To: <20210311114343.439820-1-berrange@redhat.com>
With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
docs/system/deprecated.rst | 8 ++++++++
qemu-options.hx | 4 ++++
ui/spice-core.c | 2 ++
3 files changed, 14 insertions(+)
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 241b28a521..e742c8d311 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -166,6 +166,14 @@ Using ``-M kernel-irqchip=off`` with x86 machine types that include a local
APIC is deprecated. The ``split`` setting is supported, as is using
``-M kernel-irqchip=off`` with the ISA PC machine type.
+``-spice password=string`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
QEMU Machine Protocol (QMP) commands
------------------------------------
diff --git a/qemu-options.hx b/qemu-options.hx
index 77bb834e37..48382a8a2a 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1928,6 +1928,10 @@ SRST
``password=<string>``
Set the password you need to authenticate.
+ This option is deprecated and insecure because it leaves the
+ password visible in the process listing. Use ``password-secret``
+ instead.
+
``password-secret=<secret-id>``
Set the ID of the ``secret`` object containing the password
you need to authenticate.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 7f0e005ca9..235d61f0c1 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -686,6 +686,8 @@ static void qemu_spice_init(void)
} else {
str = qemu_opt_get(opts, "password");
if (str) {
+ warn_report("'password' option is deprecated and insecure, "
+ "use 'password-secret' instead");
password = g_strdup(str);
}
}
--
2.29.2
next prev parent reply other threads:[~2021-03-11 11:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-11 11:43 [PATCH v2 0/3] ui: add support for 'secret' object to provide VNC/SPICE passwords Daniel P. Berrangé
2021-03-11 11:43 ` [PATCH v2 1/3] ui: introduce "password-secret" option for VNC servers Daniel P. Berrangé
2021-03-11 11:43 ` [PATCH v2 2/3] ui: introduce "password-secret" option for SPICE server Daniel P. Berrangé
2021-03-11 11:43 ` Daniel P. Berrangé [this message]
2021-03-11 12:40 ` [PATCH v2 0/3] ui: add support for 'secret' object to provide VNC/SPICE passwords Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210311114343.439820-4-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=dgilbert@redhat.com \
--cc=kraxel@redhat.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).