Re: [libosinfo PATCH 2/2] tools, install-script: Do not accept user & admin password via --config

Fabiano Fidêncio <fidencio@xxxxxxxxxx> · Fri, 5 Jul 2019 11:15:48 +0200

On Fri, Jul 5, 2019 at 10:27 AM Fabiano Fidêncio <fidencio@xxxxxxxxxx> wrote:
>
> As passing user & admin password via command line is a low impact CVE,
> let's error out when it's done and advertise the users to use
> --config-file instead.
>
> Signed-off-by: Fabiano Fidêncio <fidencio@xxxxxxxxxx>
> ---
>  tools/osinfo-install-script.c | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
> index efa96ee..3da4a69 100644
> --- a/tools/osinfo-install-script.c
> +++ b/tools/osinfo-install-script.c
> @@ -85,6 +85,15 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
>      val++;
>      key = g_strndup(value, len);
>
> +    if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
> +        g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
> +        g_set_error(error, OSINFO_ERROR, 0,
> +                    _("When setting user or admin password, use "
> +                      "--config-file instead.\n"));
> +        g_free(key);
> +        return FALSE;
> +    }
> +
>      osinfo_entity_set_param(OSINFO_ENTITY(config),
>                              key,
>                              val);
> @@ -520,6 +529,8 @@ script. Defaults to C<media>, but can also be C<network>.
>
>  Set the configuration parameter C<key> to C<value>.
>
> +Note: this option has been deprecated, use B<--config-file=> instead.
> +
>  =item B<--config-file=config-file>
>
>  Set the configurations parameters according to the config-file passed.
> --
> 2.21.0
>

Ops, with this diff included:
fidencio@laerte ~/src/upstream/libosinfo $ git diff

diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 3da4a69..e641008 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -529,8 +529,6 @@ script. Defaults to C<media>, but can also be C<network>.

 Set the configuration parameter C<key> to C<value>.

-Note: this option has been deprecated, use B<--config-file=> instead.
-
 =item B<--config-file=config-file>

 Set the configurations parameters according to the config-file passed.
@@ -561,11 +559,11 @@ The local language

 =item C<admin-password>

-The administrator password
+The administrator password (only supported via --config-file)

 =item C<user-password>

-The user password
+The user password (only supported via --config-file)

 =item C<user-login>

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo







