From nobody Fri Dec 19 04:23:34 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1613760424; cv=none;
	d=zohomail.com; s=zohoarc;
	b=cMqT6sMTsM2fcTmUF70EqZcqo0tK/FegobhcoeyHjpLzTa44+7tElgStl05AC76U1RlJGkNTBadteeKEj1nsv6OnUK2gjQ8plQnL7FZvWIiCPyp3f6KED1AJem1Vdeks3DzazG3HXsLjQ/CDQ8cleZ0f5i4YtOnxfp2m2Ydc9Wg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1613760424;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=70YiwS+Mt/KT4H0sb13wx+Z0CHCB+Frf6Usm84JH6Oc=;
	b=azNXJTklI/KybTADSDtDGFhhZ6bi+FtfFXjT6NfFABwKJksL+Evi2qtVWqp/4+EPeNo+12umSzuxzFaOvoS+3mbkQ7tihHudbby4T8/dGhVfv8Ikv7VV/i3nR8Cxd9A8+q5FreJPiNK3j65leZaH5434bT5Rpu9RjDa5cM65zoY=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1613760424323415.55849936891855;
 Fri, 19 Feb 2021 10:47:04 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-216-kV309rpxP86lSPyhtDRXeA-1; Fri, 19 Feb 2021 13:46:35 -0500
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 19BCA107ACE3;
	Fri, 19 Feb 2021 18:46:29 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E4CA810016F9;
	Fri, 19 Feb 2021 18:46:28 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id B10121809C90;
	Fri, 19 Feb 2021 18:46:28 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
	[10.5.11.23])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 11JIkCGS029402 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 19 Feb 2021 13:46:12 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id E4EA11970A; Fri, 19 Feb 2021 18:46:12 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-112-33.ams2.redhat.com
	[10.36.112.33])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5EBFB19D9B;
	Fri, 19 Feb 2021 18:46:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1613760423;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=70YiwS+Mt/KT4H0sb13wx+Z0CHCB+Frf6Usm84JH6Oc=;
	b=gQbEu+SXBvxbXAEF/qHUyXbEU16iPZT6UlFZHoHx/QLW5W/ZxO2aHZOrA7UJb6smrg+ZuV
	DFGkfO4Ga8/30ZI7iuT14cBRn6wH9CsbOu9ANtmJ+xA22vmtYG9pewYcgFdin65pfZfezL
	LLKmllw+RJCESXGCsaE8t2CkOtrC0ws=
X-MC-Unique: kV309rpxP86lSPyhtDRXeA-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PATCH 3/4] ui: deprecate "password" option for SPICE server
Date: Fri, 19 Feb 2021 18:45:55 +0000
Message-Id: <20210219184556.154972-4-berrange@redhat.com>
In-Reply-To: <20210219184556.154972-1-berrange@redhat.com>
References: <20210219184556.154972-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-loop: libvir-list@redhat.com
Cc: libvir-list@redhat.com, Gerd Hoffmann <kraxel@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)

With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 docs/system/deprecated.rst | 8 ++++++++
 qemu-options.hx            | 4 ++++
 ui/spice-core.c            | 4 ++++
 3 files changed, 16 insertions(+)

diff --git a/docs/system/deprecated.rst b/docs/system/deprecated.rst
index 2fcac7861e..57ff9f47cc 100644
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@@ -146,6 +146,14 @@ library enabled as a cryptography provider.
 Neither the ``nettle`` library, or the built-in cryptography provider are
 supported on FIPS enabled hosts.
=20
+``-spice password=3Dstring`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
 QEMU Machine Protocol (QMP) commands
 ------------------------------------
=20
diff --git a/qemu-options.hx b/qemu-options.hx
index ff4ef3b708..4833bd59cf 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1926,6 +1926,10 @@ SRST
     ``password=3D<string>``
         Set the password you need to authenticate.
=20
+        This option is deprecated and insecure because it leaves the
+        password visible in the process listing. Use ``password-secret``
+        instead.
+
     ``password-secret=3D<secret-id>``
         Set the ID of the ``secret`` object containing the password
         you need to authenticate.
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 353848b244..5e00e31457 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -685,6 +685,10 @@ static void qemu_spice_init(void)
         }
     } else {
         str =3D qemu_opt_get(opts, "password");
+        if (str) {
+            warn_report("'password' option is deprecated and insecure, "
+                        "use 'password-secret' instead");
+        }
         password =3D g_strdup(str);
     }
=20
--=20
2.29.2