[libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Peter Krempa posted 4 patches 30 weeks ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/cover.1578670887.git.pkrempa@redhat.com
docs/formatsecret.html.in |  86 ++++++++++++++++++----------
docs/manpages/virsh.rst   |  26 ++++++++-
tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
3 files changed, 189 insertions(+), 39 deletions(-)

[libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 30 weeks ago
The currently existing virsh APIs for secrets are awful for human use
and don't promote security.

Peter Krempa (4):
  virsh: secret: Add 'secret-passwd' command
  virsh: secret: Allow getting secret's value without base64 encoding
  virsh: secret: Allow setting secrets from file
  docs: secret: Unify and sanitize examples on how to set secret value

 docs/formatsecret.html.in |  86 ++++++++++++++++++----------
 docs/manpages/virsh.rst   |  26 ++++++++-
 tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 189 insertions(+), 39 deletions(-)

-- 
2.24.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Daniel Henrique Barboza 28 weeks ago

On 1/10/20 12:42 PM, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
> 
> Peter Krempa (4):
>    virsh: secret: Add 'secret-passwd' command
>    virsh: secret: Allow getting secret's value without base64 encoding
>    virsh: secret: Allow setting secrets from file
>    docs: secret: Unify and sanitize examples on how to set secret value
> 
>   docs/formatsecret.html.in |  86 ++++++++++++++++++----------
>   docs/manpages/virsh.rst   |  26 ++++++++-
>   tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
>   3 files changed, 189 insertions(+), 39 deletions(-)
> 


Code-wise LGTM. I have a question about the design though.

Shouldn't we ask for a password confirmation when setting the secret
via secret-passwd? This would be more on par with how 'passwd' works
in Linux, and can also help to prevent user typos when setting a
secret.


Thanks,


DHB

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 28 weeks ago
On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
> 
> 
> On 1/10/20 12:42 PM, Peter Krempa wrote:
> > The currently existing virsh APIs for secrets are awful for human use
> > and don't promote security.
> > 
> > Peter Krempa (4):
> >    virsh: secret: Add 'secret-passwd' command
> >    virsh: secret: Allow getting secret's value without base64 encoding
> >    virsh: secret: Allow setting secrets from file
> >    docs: secret: Unify and sanitize examples on how to set secret value
> > 
> >   docs/formatsecret.html.in |  86 ++++++++++++++++++----------
> >   docs/manpages/virsh.rst   |  26 ++++++++-
> >   tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
> >   3 files changed, 189 insertions(+), 39 deletions(-)
> > 
> 
> 
> Code-wise LGTM. I have a question about the design though.
> 
> Shouldn't we ask for a password confirmation when setting the secret
> via secret-passwd? This would be more on par with how 'passwd' works
> in Linux, and can also help to prevent user typos when setting a
> secret.

I don't really think that it's necessary. When you mess up changing of
your account password you won't be able to log in thus it's a good idea
to make more sure that you didn't miss-type it.

With libvirt secrets, it doesn't prevent you from fixing it later as you
aren't even asked for the previous value of the secret.

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Daniel Henrique Barboza 28 weeks ago

On 1/21/20 10:03 AM, Peter Krempa wrote:
> On Tue, Jan 21, 2020 at 09:57:22 -0300, Daniel Henrique Barboza wrote:
>>
>>
>> On 1/10/20 12:42 PM, Peter Krempa wrote:
>>> The currently existing virsh APIs for secrets are awful for human use
>>> and don't promote security.
>>>
>>> Peter Krempa (4):
>>>     virsh: secret: Add 'secret-passwd' command
>>>     virsh: secret: Allow getting secret's value without base64 encoding
>>>     virsh: secret: Allow setting secrets from file
>>>     docs: secret: Unify and sanitize examples on how to set secret value
>>>
>>>    docs/formatsecret.html.in |  86 ++++++++++++++++++----------
>>>    docs/manpages/virsh.rst   |  26 ++++++++-
>>>    tools/virsh-secret.c      | 116 ++++++++++++++++++++++++++++++++++++--
>>>    3 files changed, 189 insertions(+), 39 deletions(-)
>>>
>>
>>
>> Code-wise LGTM. I have a question about the design though.
>>
>> Shouldn't we ask for a password confirmation when setting the secret
>> via secret-passwd? This would be more on par with how 'passwd' works
>> in Linux, and can also help to prevent user typos when setting a
>> secret.
> 
> I don't really think that it's necessary. When you mess up changing of
> your account password you won't be able to log in thus it's a good idea
> to make more sure that you didn't miss-type it.
> 
> With libvirt secrets, it doesn't prevent you from fixing it later as you
> aren't even asked for the previous value of the secret.


Those are fair points. I agree.


All patches:


Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>



> 

Re: [libvirt] [PATCH 0/4] virsh: secret: Improve handling of secret value

Posted by Peter Krempa 28 weeks ago
On Fri, Jan 10, 2020 at 16:42:40 +0100, Peter Krempa wrote:
> The currently existing virsh APIs for secrets are awful for human use
> and don't promote security.
> 
> Peter Krempa (4):
>   virsh: secret: Add 'secret-passwd' command
>   virsh: secret: Allow getting secret's value without base64 encoding
>   virsh: secret: Allow setting secrets from file
>   docs: secret: Unify and sanitize examples on how to set secret value

Ping