Re: [libosinfo PATCH 2/2] tools, install-script: Do not accept user & admin password via --config

Fabiano Fidêncio <fidencio@xxxxxxxxxx> · Mon, 8 Jul 2019 08:36:23 +0200

On Fri, Jul 5, 2019 at 5:54 PM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
>
> On Fri, Jul 05, 2019 at 10:27:20AM +0200, Fabiano Fidêncio wrote:
> > As passing user & admin password via command line is a low impact CVE,
> > let's error out when it's done and advertise the users to use
> > --config-file instead.
> >
> > Signed-off-by: Fabiano Fidêncio <fidencio@xxxxxxxxxx>
> > ---
> >  tools/osinfo-install-script.c | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
> > index efa96ee..3da4a69 100644
> > --- a/tools/osinfo-install-script.c
> > +++ b/tools/osinfo-install-script.c
> > @@ -85,6 +85,15 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
> >      val++;
> >      key = g_strndup(value, len);
> >
> > +    if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
> > +        g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
> > +        g_set_error(error, OSINFO_ERROR, 0,
> > +                    _("When setting user or admin password, use "
> > +                      "--config-file instead.\n"));
> > +        g_free(key);
> > +        return FALSE;
> > +    }
>
> If we make this a hard error then we are pretty much forcing everyone
> to use the --config-file arg, because with this CLI tool there is no
> way to see the auto-generated password.
>
> I think perhaps we should do
>
>  1. Deprecate --config for all uses
>  2. Print a warning mesage if used for admin/user password
>  3. 1 year later delete --config entirely
>

Agreed.

>
> > +
> >      osinfo_entity_set_param(OSINFO_ENTITY(config),
> >                              key,
> >                              val);
> > @@ -520,6 +529,8 @@ script. Defaults to C<media>, but can also be C<network>.
> >
> >  Set the configuration parameter C<key> to C<value>.
> >
> > +Note: this option has been deprecated, use B<--config-file=> instead.
> > +
> >  =item B<--config-file=config-file>
> >
> >  Set the configurations parameters according to the config-file passed.
> > --
> > 2.21.0
> >
> > _______________________________________________
> > Libosinfo mailing list
> > Libosinfo@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/libosinfo
>
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo