From: Daniel P. Berrangé <berrange@xxxxxxxxxx> With the new "password-secret" option, there is no reason to use the old inecure "password" option with -spice, so it can be deprecated. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> Message-Id: <20210311114343.439820-4-berrange@xxxxxxxxxx> Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx> --- ui/spice-core.c | 2 ++ docs/system/deprecated.rst | 8 ++++++++ qemu-options.hx | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/ui/spice-core.c b/ui/spice-core.c index b9d8aced91df..272d19b0c152 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -686,6 +686,8 @@ static void qemu_spice_init(void) } else { str = qemu_opt_get(opts, "password"); if (str) { + warn_report("'password' option is deprecated and insecure, " + "use 'password-secret' instead"); password = g_strdup(str); } } diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst index 5e3a31c12361..8cba672a7b4a 100644 --- a/docs/system/deprecated.rst +++ b/docs/system/deprecated.rst @@ -174,6 +174,14 @@ Input parameters that take a size value should only use a size suffix the value is hexadecimal. That is, '0x20M' is deprecated, and should be written either as '32M' or as '0x2000000'. +``-spice password=string`` (since 6.0) +'''''''''''''''''''''''''''''''''''''' + +This option is insecure because the SPICE password remains visible in +the process listing. This is replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. + QEMU Machine Protocol (QMP) commands ------------------------------------ diff --git a/qemu-options.hx b/qemu-options.hx index a98f8e84a29d..4da3f4f48c03 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1928,6 +1928,10 @@ SRST ``password=<string>`` Set the password you need to authenticate. + This option is deprecated and insecure because it leaves the + password visible in the process listing. Use ``password-secret`` + instead. + ``password-secret=<secret-id>`` Set the ID of the ``secret`` object containing the password you need to authenticate. -- 2.29.2