In certain cases we tried to clear stuff which isn't secure and in other cases we clear the pointer but then pass the secret on the commandline. Remove the security theatre.

Additionally all other instances which pass a secret via RPC can theoretically be removed as the secret is copied to/from a non-sanitized RPC buffer. We'd have to clear all RPC buffers though for this to be "properly" handled and not just security theater.

Peter Krempa (11):
  virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
  virCryptoEncryptDataAESgnutls: Properly initialize data structures
  virCryptoEncryptDataAESgnutls: Restructure control flow
  virStorageBackendISCSISetAuth: Don't bother securely erasing password
  virStorageBackendISCSISetAuth: Use g_strndup to '\0' terminate data
  virStorageBackendISCSISetAuth: Refactor cleanup
  libxlMakeNetworkDiskSrc: Don't bother with secure erase of secrets
  libxlMakeNetworkDiskSrc: Refactor cleanup
  virStorageBackendRBDOpenRADOSConn: Don't log the RBD key
  datatypes: Register autoptr cleanup for virSecret
  virSecretGetSecretString: Refactor cleanup

 src/datatypes.h                     |  1 +
 src/libxl/libxl_conf.c              | 24 +++++-----------
 src/storage/storage_backend_iscsi.c | 22 +++++----------
 src/storage/storage_backend_rbd.c   | 24 ++++++++++++----
 src/util/vircrypto.c                | 43 ++++++++++-------------------
 src/util/virsecret.c                | 19 ++++---------
 6 files changed, 53 insertions(+), 80 deletions(-)

-- 
2.38.1