On Tue, Mar 23, 2021 at 15:19:44 +0100, Michal Privoznik wrote:
> On 3/23/21 3:04 PM, Peter Krempa wrote:
> > On Tue, Mar 23, 2021 at 14:50:09 +0100, Michal Privoznik wrote:
> > > On 3/23/21 2:42 PM, Daniel P. Berrangé wrote:
> > > > On Tue, Mar 23, 2021 at 02:36:19PM +0100, Michal Privoznik wrote:

[...]

> > The only thing that IMO should be removed but I didn't for compatibility
> > is the 'secret-set-value's 'base64' parameter as that is insecure. There
> > isn't a compatible replacement though.
> >
> That's debatable. It's not much worse than reading from a file. I mean, who
> has access to my $HISTFILE? Only me and root and in both cases the secret

It's not about HISTFILE, but about the process listing. On a default
Linux box, all users can list all other users' processes. If your
password is an argument for a command, it will be readable for other
users without the access to your directory.

Arguably, the lifetime of virsh is very short, so it's extremely
unlikely for anyone to notice, but it's insecure regardless.

> can be changed or read from the file (if the file is not deleted right away,
> and even then it could be recovered). Many tools accept passwords in clear
> text on cmd line (e.g. curl, wget). If anything, we could document why

You should avoid use of those arguments if you are on a multi-user box.

> --base64 is dangerous (if we haven't done so yet).

It is documented as such and also prints a warning as pointed out in the
other reply.
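
The process-listing exposure discussed in this thread can be audited on a host. The following is an added example, not part of the original messages and not libvirt code: it parses the NUL-separated `/proc/<pid>/cmdline` format and reports processes that carry a secret after an option name, with the value redacted. The function names, the `SECRET_OPTS` set and the sample bytes are assumptions made for this illustration, and matching is by option name only.

```python
import os

# Assumption: option names treated as secret-bearing. --base64 is the one
# named in the thread; extend the set for other tools on your hosts.
SECRET_OPTS = {"--base64"}

def parse_cmdline(raw):
    """Split /proc/<pid>/cmdline (NUL-separated argv bytes) into strings."""
    raw = raw[:-1] if raw.endswith(b"\0") else raw   # drop the terminator
    # Kernel threads have an empty cmdline; report them as an empty argv.
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0")] if raw else []

def find_exposed(argv):
    """Return (options found, argv with the secret values redacted)."""
    found, out, i = [], [], 0
    while i < len(argv):
        arg = argv[i]
        opt, sep, _ = arg.partition("=")
        if sep and opt in SECRET_OPTS:                    # --opt=value
            found.append(opt)
            out.append(opt + "=<redacted>")
        elif arg in SECRET_OPTS and i + 1 < len(argv):    # --opt value
            found.append(arg)
            out += [arg, "<redacted>"]
            i += 1                                        # skip the value
        else:
            out.append(arg)
        i += 1
    return found, out

def scan_proc(proc="/proc"):
    """Map pid -> redacted argv for live processes exposing a secret."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                found, redacted = find_exposed(parse_cmdline(fh.read()))
        except OSError:              # process exited or is not readable
            continue
        if found:
            hits[int(pid)] = redacted
    return hits

# Constructed sample in cmdline format; the UUID and value are made up.
SAMPLE = (b"virsh\0secret-set-value\0"
          b"00000000-0000-0000-0000-000000000000\0--base64\0c2VjcmV0\0")

if __name__ == "__main__":
    print(find_exposed(parse_cmdline(SAMPLE)))
    print(scan_proc())
```

A short-lived process such as virsh is easy for a polling scan like this to miss, so an empty result does not show that no secret was ever passed on a command line.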