On Mon, Jan 27, 2020 at 02:16:43PM +0100, Peter Krempa wrote: > On Mon, Jan 27, 2020 at 09:59:01 +0100, Peter Krempa wrote: > > On Fri, Jan 24, 2020 at 10:41:00 -0600, Eric Blake wrote: > > > On 1/24/20 10:08 AM, Peter Krempa wrote: > > > > Discourage passing secrets as commandline arguments. > > > > > > > > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > > > > --- > > > > docs/formatsecret.html.in | 88 +++++++++++++++++++++++++-------------- > > > > 1 file changed, 57 insertions(+), 31 deletions(-) > > > > > > > > > > > > > > > + <h2><a id="settingSecrets">Setting secret values in virsh</a></h2> > > > > + > > > > > > > + </pre> > > > > + > > > > + <p> > > > > + The secret can also be set via an argument, but note that other users > > > > + may see it in the process listing output. The secret must be base64 > > > > + encoded. > > > > > > Is this last sentence still accurate, given that you can pass --plain to > > > avoid base64 encoding? > > > > I didn't allow to use --plain together with passing it on the command > > line. --plain works only in conjunction with --file. I didn't see a > > point of adding new features to an insecure way of doing things. > > > > > Should the note use <b> or other formatting to call attention to the > > > security risk of doing it this way? > > > > Yeah, I can add it. > > > > I propose the following change to emphasize the fact that it's insecure: > > diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in > index 6c2d5e02a6..695370e150 100644 > --- a/docs/formatsecret.html.in > +++ b/docs/formatsecret.html.in > @@ -398,9 +398,10 @@ Secret value set > </pre> > > <p> > - The secret can also be set via an argument, but note that other users > - may see it in the process listing output. The secret must be base64 > - encoded. > + <b>WARNING</b>The following approach is <b>insecure</b> and deprecated. > + The secret can also be set via an argument. Note that other users may see > + the actual secret in the process listing! > + The secret must be base64 encoded. > </p> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
