* [PATCH v2 0/3] More work on deprecation/removal of clear text passwords
@ 2022-12-16 11:31 Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi Daniel P. Berrangé
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-12-16 11:31 UTC (permalink / raw)
To: qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé
This deprecates the -iscsi clear text 'password' option
and deletes the previously deprecated -spice 'password'
option.
Changed in v2:
* Fixed section placement for iscsi deprecation docs
* Fixed missing brackets in -iscsi help
* Write in past tense for -spice password removal docs
Daniel P. Berrangé (3):
block: mention 'password-secret' option for -iscsi
block: deprecate iSCSI 'password' in favour of 'password-secret'
ui: remove deprecated 'password' option for SPICE
block/iscsi.c | 3 +++
docs/about/deprecated.rst | 16 ++++++++--------
docs/about/removed-features.rst | 7 +++++++
qemu-options.hx | 13 +++----------
ui/spice-core.c | 15 ---------------
5 files changed, 21 insertions(+), 33 deletions(-)
--
2.38.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi
2022-12-16 11:31 [PATCH v2 0/3] More work on deprecation/removal of clear text passwords Daniel P. Berrangé
@ 2022-12-16 11:31 ` Daniel P. Berrangé
2022-12-16 13:52 ` Fabiano Rosas
2022-12-16 11:31 ` [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret' Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE Daniel P. Berrangé
2 siblings, 1 reply; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-12-16 11:31 UTC (permalink / raw)
To: qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé,
Markus Armbruster
The 'password-secret' option was added
commit b189346eb1784df95ed6fed610411dbf23d19e1f
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Thu Jan 21 14:19:21 2016 +0000
iscsi: add support for getting CHAP password via QCryptoSecret API
but was not mentioned in the command line docs
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
qemu-options.hx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qemu-options.hx b/qemu-options.hx
index 7f99d15b23..58efb58072 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1889,8 +1889,8 @@ SRST
ERST
DEF("iscsi", HAS_ARG, QEMU_OPTION_iscsi,
- "-iscsi [user=user][,password=password]\n"
- " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE\n"
+ "-iscsi [user=user][,password=password][,password-secret=secret-id]\n"
+ " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE]\n"
" [,initiator-name=initiator-iqn][,id=target-iqn]\n"
" [,timeout=timeout]\n"
" iSCSI session parameters\n", QEMU_ARCH_ALL)
--
2.38.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret'
2022-12-16 11:31 [PATCH v2 0/3] More work on deprecation/removal of clear text passwords Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi Daniel P. Berrangé
@ 2022-12-16 11:31 ` Daniel P. Berrangé
2022-12-16 13:54 ` Fabiano Rosas
2022-12-16 11:31 ` [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE Daniel P. Berrangé
2 siblings, 1 reply; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-12-16 11:31 UTC (permalink / raw)
To: qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé
Support for referencing secret objects was added in
commit b189346eb1784df95ed6fed610411dbf23d19e1f
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Thu Jan 21 14:19:21 2016 +0000
iscsi: add support for getting CHAP password via QCryptoSecret API
The existing 'password' option is overdue for deprecation and
subsequent removal.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
block/iscsi.c | 3 +++
docs/about/deprecated.rst | 8 ++++++++
2 files changed, 11 insertions(+)
diff --git a/block/iscsi.c b/block/iscsi.c
index a316d46d96..58c0623052 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1352,6 +1352,9 @@ static void apply_chap(struct iscsi_context *iscsi, QemuOpts *opts,
} else if (!password) {
error_setg(errp, "CHAP username specified but no password was given");
return;
+ } else {
+ warn_report("iSCSI block driver 'password' option is deprecated, "
+ "use 'password-secret' instead");
}
if (iscsi_set_initiator_username_pwd(iscsi, user, password)) {
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 93affe3669..daf2334040 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -333,6 +333,14 @@ The above, converted to the current supported format::
json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"}
+``iscsi,password=xxx`` (since 8.0)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Specifying the iSCSI password in plain text on the command line using the
+``password`` option is insecure. The ``password-secret`` option should be
+used instead, to refer to a ``--object secret...`` instance that provides
+a password via a file, or encrypted.
+
Backwards compatibility
-----------------------
--
2.38.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE
2022-12-16 11:31 [PATCH v2 0/3] More work on deprecation/removal of clear text passwords Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret' Daniel P. Berrangé
@ 2022-12-16 11:31 ` Daniel P. Berrangé
2022-12-16 13:56 ` Fabiano Rosas
2 siblings, 1 reply; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-12-16 11:31 UTC (permalink / raw)
To: qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé,
Markus Armbruster
This has been replaced by the 'password-secret' option,
which references a 'secret' object instance.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
docs/about/deprecated.rst | 8 --------
docs/about/removed-features.rst | 7 +++++++
qemu-options.hx | 9 +--------
ui/spice-core.c | 15 ---------------
4 files changed, 8 insertions(+), 31 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index daf2334040..8fbe7cb5fe 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -73,14 +73,6 @@ Input parameters that take a size value should only use a size suffix
the value is hexadecimal. That is, '0x20M' is deprecated, and should
be written either as '32M' or as '0x2000000'.
-``-spice password=string`` (since 6.0)
-''''''''''''''''''''''''''''''''''''''
-
-This option is insecure because the SPICE password remains visible in
-the process listing. This is replaced by the new ``password-secret``
-option which lets the password be securely provided on the command
-line using a ``secret`` object instance.
-
``-smp`` ("parameter=0" SMP configurations) (since 6.2)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index 63df9848fd..2cbb1b7afe 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -408,6 +408,13 @@ pcspk-audiodev=<name>``.
Use ``-device`` instead.
+``-spice password=string`` (removed in 8.0)
+'''''''''''''''''''''''''''''''''''''''''''
+
+This optionwas insecure because the SPICE password remained visible in
+the process listing. This was replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
QEMU Machine Protocol (QMP) commands
------------------------------------
diff --git a/qemu-options.hx b/qemu-options.hx
index 58efb58072..847d71e567 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2132,7 +2132,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
" [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
" [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
" [,sasl=on|off][,disable-ticketing=on|off]\n"
- " [,password=<string>][,password-secret=<secret-id>]\n"
+ " [,password-secret=<secret-id>]\n"
" [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
" [,jpeg-wan-compression=[auto|never|always]]\n"
" [,zlib-glz-wan-compression=[auto|never|always]]\n"
@@ -2158,13 +2158,6 @@ SRST
``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
Force using the specified IP version.
- ``password=<string>``
- Set the password you need to authenticate.
-
- This option is deprecated and insecure because it leaves the
- password visible in the process listing. Use ``password-secret``
- instead.
-
``password-secret=<secret-id>``
Set the ID of the ``secret`` object containing the password
you need to authenticate.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 72f8f1681c..76f7c2bc3d 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = {
.name = "unix",
.type = QEMU_OPT_BOOL,
#endif
- },{
- .name = "password",
- .type = QEMU_OPT_STRING,
},{
.name = "password-secret",
.type = QEMU_OPT_STRING,
@@ -666,20 +663,8 @@ static void qemu_spice_init(void)
}
passwordSecret = qemu_opt_get(opts, "password-secret");
if (passwordSecret) {
- if (qemu_opt_get(opts, "password")) {
- error_report("'password' option is mutually exclusive with "
- "'password-secret'");
- exit(1);
- }
password = qcrypto_secret_lookup_as_utf8(passwordSecret,
&error_fatal);
- } else {
- str = qemu_opt_get(opts, "password");
- if (str) {
- warn_report("'password' option is deprecated and insecure, "
- "use 'password-secret' instead");
- password = g_strdup(str);
- }
}
if (tls_port) {
--
2.38.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi
2022-12-16 11:31 ` [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi Daniel P. Berrangé
@ 2022-12-16 13:52 ` Fabiano Rosas
0 siblings, 0 replies; 7+ messages in thread
From: Fabiano Rosas @ 2022-12-16 13:52 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé,
Markus Armbruster
Daniel P. Berrangé <berrange@redhat.com> writes:
> The 'password-secret' option was added
>
> commit b189346eb1784df95ed6fed610411dbf23d19e1f
> Author: Daniel P. Berrangé <berrange@redhat.com>
> Date: Thu Jan 21 14:19:21 2016 +0000
>
> iscsi: add support for getting CHAP password via QCryptoSecret API
>
> but was not mentioned in the command line docs
>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret'
2022-12-16 11:31 ` [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret' Daniel P. Berrangé
@ 2022-12-16 13:54 ` Fabiano Rosas
0 siblings, 0 replies; 7+ messages in thread
From: Fabiano Rosas @ 2022-12-16 13:54 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé
Daniel P. Berrangé <berrange@redhat.com> writes:
> Support for referencing secret objects was added in
>
> commit b189346eb1784df95ed6fed610411dbf23d19e1f
> Author: Daniel P. Berrangé <berrange@redhat.com>
> Date: Thu Jan 21 14:19:21 2016 +0000
>
> iscsi: add support for getting CHAP password via QCryptoSecret API
>
> The existing 'password' option is overdue for deprecation and
> subsequent removal.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE
2022-12-16 11:31 ` [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE Daniel P. Berrangé
@ 2022-12-16 13:56 ` Fabiano Rosas
0 siblings, 0 replies; 7+ messages in thread
From: Fabiano Rosas @ 2022-12-16 13:56 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel
Cc: Gerd Hoffmann, Paolo Bonzini, Hanna Reitz, qemu-block,
Peter Lieven, Kevin Wolf, libvir-list, Ronnie Sahlberg,
Daniel P. Berrangé,
Markus Armbruster
Daniel P. Berrangé <berrange@redhat.com> writes:
> This has been replaced by the 'password-secret' option,
> which references a 'secret' object instance.
>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Just a small detail below.
> ---
> docs/about/deprecated.rst | 8 --------
> docs/about/removed-features.rst | 7 +++++++
> qemu-options.hx | 9 +--------
> ui/spice-core.c | 15 ---------------
> 4 files changed, 8 insertions(+), 31 deletions(-)
>
> diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
> index daf2334040..8fbe7cb5fe 100644
> --- a/docs/about/deprecated.rst
> +++ b/docs/about/deprecated.rst
> @@ -73,14 +73,6 @@ Input parameters that take a size value should only use a size suffix
> the value is hexadecimal. That is, '0x20M' is deprecated, and should
> be written either as '32M' or as '0x2000000'.
>
> -``-spice password=string`` (since 6.0)
> -''''''''''''''''''''''''''''''''''''''
> -
> -This option is insecure because the SPICE password remains visible in
> -the process listing. This is replaced by the new ``password-secret``
> -option which lets the password be securely provided on the command
> -line using a ``secret`` object instance.
> -
> ``-smp`` ("parameter=0" SMP configurations) (since 6.2)
> '''''''''''''''''''''''''''''''''''''''''''''''''''''''
>
> diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
> index 63df9848fd..2cbb1b7afe 100644
> --- a/docs/about/removed-features.rst
> +++ b/docs/about/removed-features.rst
> @@ -408,6 +408,13 @@ pcspk-audiodev=<name>``.
>
> Use ``-device`` instead.
>
> +``-spice password=string`` (removed in 8.0)
> +'''''''''''''''''''''''''''''''''''''''''''
> +
> +This optionwas insecure because the SPICE password remained visible in
Missing a space here.
> +the process listing. This was replaced by the new ``password-secret``
> +option which lets the password be securely provided on the command
> +line using a ``secret`` object instance.
>
> QEMU Machine Protocol (QMP) commands
> ------------------------------------
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 58efb58072..847d71e567 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -2132,7 +2132,7 @@ DEF("spice", HAS_ARG, QEMU_OPTION_spice,
> " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n"
> " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n"
> " [,sasl=on|off][,disable-ticketing=on|off]\n"
> - " [,password=<string>][,password-secret=<secret-id>]\n"
> + " [,password-secret=<secret-id>]\n"
> " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n"
> " [,jpeg-wan-compression=[auto|never|always]]\n"
> " [,zlib-glz-wan-compression=[auto|never|always]]\n"
> @@ -2158,13 +2158,6 @@ SRST
> ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off``
> Force using the specified IP version.
>
> - ``password=<string>``
> - Set the password you need to authenticate.
> -
> - This option is deprecated and insecure because it leaves the
> - password visible in the process listing. Use ``password-secret``
> - instead.
> -
> ``password-secret=<secret-id>``
> Set the ID of the ``secret`` object containing the password
> you need to authenticate.
> diff --git a/ui/spice-core.c b/ui/spice-core.c
> index 72f8f1681c..76f7c2bc3d 100644
> --- a/ui/spice-core.c
> +++ b/ui/spice-core.c
> @@ -412,9 +412,6 @@ static QemuOptsList qemu_spice_opts = {
> .name = "unix",
> .type = QEMU_OPT_BOOL,
> #endif
> - },{
> - .name = "password",
> - .type = QEMU_OPT_STRING,
> },{
> .name = "password-secret",
> .type = QEMU_OPT_STRING,
> @@ -666,20 +663,8 @@ static void qemu_spice_init(void)
> }
> passwordSecret = qemu_opt_get(opts, "password-secret");
> if (passwordSecret) {
> - if (qemu_opt_get(opts, "password")) {
> - error_report("'password' option is mutually exclusive with "
> - "'password-secret'");
> - exit(1);
> - }
> password = qcrypto_secret_lookup_as_utf8(passwordSecret,
> &error_fatal);
> - } else {
> - str = qemu_opt_get(opts, "password");
> - if (str) {
> - warn_report("'password' option is deprecated and insecure, "
> - "use 'password-secret' instead");
> - password = g_strdup(str);
> - }
> }
>
> if (tls_port) {
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-12-16 13:56 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-16 11:31 [PATCH v2 0/3] More work on deprecation/removal of clear text passwords Daniel P. Berrangé
2022-12-16 11:31 ` [PATCH v2 1/3] block: mention 'password-secret' option for -iscsi Daniel P. Berrangé
2022-12-16 13:52 ` Fabiano Rosas
2022-12-16 11:31 ` [PATCH v2 2/3] block: deprecate iSCSI 'password' in favour of 'password-secret' Daniel P. Berrangé
2022-12-16 13:54 ` Fabiano Rosas
2022-12-16 11:31 ` [PATCH v2 3/3] ui: remove deprecated 'password' option for SPICE Daniel P. Berrangé
2022-12-16 13:56 ` Fabiano Rosas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.