From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D09FAC636CC for ; Wed, 15 Feb 2023 17:49:07 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pSLsV-0005FR-TD; Wed, 15 Feb 2023 12:47:35 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSLsU-0005Ak-Df for qemu-devel@nongnu.org; Wed, 15 Feb 2023 12:47:34 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pSLsS-0005EE-QZ for qemu-devel@nongnu.org; Wed, 15 Feb 2023 12:47:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1676483252; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZYyIpth2qY/IKDsqYqqQ/otIdwzEb9yUf5pKk+6N/js=; b=P+mae1RJ+zW2xNPbmY93moyEsOKImylr0EK7qa5UuPLOzKgoy8ENE3wyPI+6Ap1x17yWz/ 616eXwzb6dgC9HBSkmyf1/S9jQ4J75M1oxJSljP7IxvMh3tAI0NSS3m/os2Qh2pEfgfSrR R407zBGhqsN6WfjMQPKHhR6IK+jqrjw= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-379-k60A2tM5Ox-rk5335vbANw-1; Wed, 15 Feb 2023 12:47:28 -0500 X-MC-Unique: k60A2tM5Ox-rk5335vbANw-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4DD323C218A4; Wed, 15 Feb 2023 17:47:27 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.254]) by smtp.corp.redhat.com (Postfix) with ESMTP id AA2C640C1074; Wed, 15 Feb 2023 17:47:24 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: qemu-block@nongnu.org, Ronnie Sahlberg , Kevin Wolf , libvir-list@redhat.com, Gerd Hoffmann , Paolo Bonzini , Peter Lieven , Hanna Reitz , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Fabiano Rosas , Markus Armbruster Subject: [PULL 5/5] ui: remove deprecated 'password' option for SPICE Date: Wed, 15 Feb 2023 17:47:12 +0000 Message-Id: <20230215174712.1894516-6-berrange@redhat.com> In-Reply-To: <20230215174712.1894516-1-berrange@redhat.com> References: <20230215174712.1894516-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org This has been replaced by the 'password-secret' option, which references a 'secret' object instance. Reviewed-by: Fabiano Rosas Reviewed-by: Markus Armbruster Signed-off-by: Daniel P. Berrangé --- docs/about/deprecated.rst | 8 -------- docs/about/removed-features.rst | 7 +++++++ qemu-options.hx | 9 +-------- ui/spice-core.c | 15 --------------- 4 files changed, 8 insertions(+), 31 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index d31ffa86d4..2827b0c0be 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -66,14 +66,6 @@ and will cause a warning. The replacement for the ``nodelay`` short-form boolean option is ``nodelay=on`` rather than ``delay=off``. -``-spice password=string`` (since 6.0) -'''''''''''''''''''''''''''''''''''''' - -This option is insecure because the SPICE password remains visible in -the process listing. This is replaced by the new ``password-secret`` -option which lets the password be securely provided on the command -line using a ``secret`` object instance. - ``-smp`` ("parameter=0" SMP configurations) (since 6.2) ''''''''''''''''''''''''''''''''''''''''''''''''''''''' diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 4a84e6174f..e901637ce5 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -428,6 +428,13 @@ respectively. The actual backend names should be used instead. Use ``-drive if=pflash`` to configure the OTP device of the sifive_u RISC-V machine instead. +``-spice password=string`` (removed in 8.0) +''''''''''''''''''''''''''''''''''''''''''' + +This option was insecure because the SPICE password remained visible in +the process listing. This was replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. QEMU Machine Protocol (QMP) commands ------------------------------------ diff --git a/qemu-options.hx b/qemu-options.hx index e79ff4d8fb..cafd8be8ed 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -2135,7 +2135,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice, " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" " [,sasl=on|off][,disable-ticketing=on|off]\n" - " [,password=][,password-secret=]\n" + " [,password-secret=]\n" " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" " [,jpeg-wan-compression=[auto|never|always]]\n" " [,zlib-glz-wan-compression=[auto|never|always]]\n" @@ -2161,13 +2161,6 @@ SRST ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off`` Force using the specified IP version. - ``password=`` - Set the password you need to authenticate. - - This option is deprecated and insecure because it leaves the - password visible in the process listing. Use ``password-secret`` - instead. - ``password-secret=`` Set the ID of the ``secret`` object containing the password you need to authenticate. diff --git a/ui/spice-core.c b/ui/spice-core.c index 72f8f1681c..76f7c2bc3d 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = { .name = "unix", .type = QEMU_OPT_BOOL, #endif - },{ - .name = "password", - .type = QEMU_OPT_STRING, },{ .name = "password-secret", .type = QEMU_OPT_STRING, @@ -666,20 +663,8 @@ static void qemu_spice_init(void) } passwordSecret = qemu_opt_get(opts, "password-secret"); if (passwordSecret) { - if (qemu_opt_get(opts, "password")) { - error_report("'password' option is mutually exclusive with " - "'password-secret'"); - exit(1); - } password = qcrypto_secret_lookup_as_utf8(passwordSecret, &error_fatal); - } else { - str = qemu_opt_get(opts, "password"); - if (str) { - warn_report("'password' option is deprecated and insecure, " - "use 'password-secret' instead"); - password = g_strdup(str); - } } if (tls_port) { -- 2.39.1