[PULL 03/11] ui: deprecate "password" option for SPICE server
From: Daniel P. Berrangé <berrange(a)redhat.com>
With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
Message-Id: <20210311114343.439820-4-berrange(a)redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel(a)redhat.com>
---
ui/spice-core.c | 2 ++
docs/system/deprecated.rst | 8 ++++++++
qemu-options.hx | 4 ++++
3 files changed, 14 insertions(+)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index b9d8aced91df..272d19b0c152 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -686,6 +686,8 @@ static void qemu_spice_init(void)
} else {
str = qemu_opt_get(opts, "password");
if (str) {
+ warn_report("'password' option is deprecated and insecure,
"
+ "use 'password-secret' instead");
password = g_strdup(str);
}
}
diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 5e3a31c12361..8cba672a7b4a 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -174,6 +174,14 @@ Input parameters that take a size value should only use a size
suffix
the value is hexadecimal. That is, '0x20M' is deprecated, and should
be written either as '32M' or as '0x2000000'.
+``-spice password=string`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
QEMU Machine Protocol (QMP) commands
------------------------------------
diff --git a/qemu-options.hx b/qemu-options.hx
index a98f8e84a29d..4da3f4f48c03 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1928,6 +1928,10 @@ SRST
``password=<string>``
Set the password you need to authenticate.
+ This option is deprecated and insecure because it leaves the
+ password visible in the process listing. Use ``password-secret``
+ instead.
+
``password-secret=<secret-id>``
Set the ID of the ``secret`` object containing the password
you need to authenticate.
--
2.29.2