[libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Peter Krempa posted 4 patches 2 weeks ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1578670887.git.pkrempa@redhat.com
docs/formatsecret.html.in |  86 ++++++++++++++++++----------
docs/manpages/virsh.rst   |  26 ++++++++-
tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
3 files changed, 189 insertions(+), 39 deletions(-)

[libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 2 weeks ago
The currently existing virsh APIs for secrets are awful for human use
and don't promote security.

Peter Krempa (4):
  virsh: secret: Add 'secret-passwd' command
  virsh: secret: Allow getting secret's value without base64 encoding
  virsh: secret: Allow setting secrets from file
  docs: secret: Unify and sanitize examples on how to set secret value

 docs/formatsecret.html.in |  86 ++++++++++++++++++----------
 docs/manpages/virsh.rst   |  26 ++++++++-
 tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 189 insertions(+), 39 deletions(-)

-- 
2.24.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Daniel Henrique Barboza 3 days ago

On 1/10/20 12:42 PM, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
> 
> Peter Krempa (4):
>    virsh: secret: Add 'secret-passwd' command
>    virsh: secret: Allow getting secret's value without base64 encoding
>    virsh: secret: Allow setting secrets from file
>    docs: secret: Unify and sanitize examples on how to set secret value
> 
>   docs/formatsecret.html.in |  86 ++++++++++++++++++----------
>   docs/manpages/virsh.rst   |  26 ++++++++-
>   tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
>   3 files changed, 189 insertions(+), 39 deletions(-)
> 


Code-wise LGTM. I have a question about the design though.

Shouldn't we ask for a password confirmation when setting the secret
via secret-passwd? This would be more on par with how 'passwd' works
in Linux, and can also help to prevent user typos when setting a
secret.


Thanks,


DHB

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 3 days ago
On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
> 
> 
> On 1/10/20 12:42 PM, Peter Krempa wrote:
> > The currently existing virsh APIs for secrets are awful for human use
> > and don't promote security.
> > 
> > Peter Krempa (4):
> >    virsh: secret: Add 'secret-passwd' command
> >    virsh: secret: Allow getting secret's value without base64 encoding
> >    virsh: secret: Allow setting secrets from file
> >    docs: secret: Unify and sanitize examples on how to set secret value
> > 
> >   docs/formatsecret.html.in |  86 ++++++++++++++++++----------
> >   docs/manpages/virsh.rst   |  26 ++++++++-
> >   tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
> >   3 files changed, 189 insertions(+), 39 deletions(-)
> > 
> 
> 
> Code-wise LGTM. I have a question about the design though.
> 
> Shouldn't we ask for a password confirmation when setting the secret
> via secret-passwd? This would be more on par with how 'passwd' works
> in Linux, and can also help to prevent user typos when setting a
> secret.

I don't really think that it's necessary. When you mess up changing of
your account password you won't be able to log in thus it's a good idea
to make more sure that you didn't miss-type it.

With libvirt secrets, it doesn't prevent you from fixing it later as you
aren't even asked for the previous value of the secret.

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Daniel Henrique Barboza 3 days ago

On 1/21/20 10:03 AM, Peter Krempa wrote:
> On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
>>
>>
>> On 1/10/20 12:42 PM, Peter Krempa wrote:
>>> The currently existing virsh APIs for secrets are awful for human use
>>> and don't promote security.
>>>
>>> Peter Krempa (4):
>>>     virsh: secret: Add 'secret-passwd' command
>>>     virsh: secret: Allow getting secret's value without base64 encoding
>>>     virsh: secret: Allow setting secrets from file
>>>     docs: secret: Unify and sanitize examples on how to set secret value
>>>
>>>    docs/formatsecret.html.in |  86 ++++++++++++++++++----------
>>>    docs/manpages/virsh.rst   |  26 ++++++++-
>>>    tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
>>>    3 files changed, 189 insertions(+), 39 deletions(-)
>>>
>>
>>
>> Code-wise LGTM. I have a question about the design though.
>>
>> Shouldn't we ask for a password confirmation when setting the secret
>> via secret-passwd? This would be more on par with how 'passwd' works
>> in Linux, and can also help to prevent user typos when setting a
>> secret.
> 
> I don't really think that it's necessary. When you mess up changing of
> your account password you won't be able to log in thus it's a good idea
> to make more sure that you didn't miss-type it.
> 
> With libvirt secrets, it doesn't prevent you from fixing it later as you
> aren't even asked for the previous value of the secret.


Those are fair points. I agree.


All patches:


Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>



> 

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 3 days ago
On Fri, Jan 10, 2020 at 16:42:40 +0100, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
> 
> Peter Krempa (4):
>   virsh: secret: Add 'secret-passwd' command
>   virsh: secret: Allow getting secret's value without base64 encoding
>   virsh: secret: Allow setting secrets from file
>   docs: secret: Unify and sanitize examples on how to set secret value

Ping