[virt-tools-list] [virt-manager PATCH v2 0/2] unattended: Don't expose user & admin passwords
Cole Robinson
crobinso at redhat.com
Wed Jul 3 17:32:59 UTC 2019
On 7/3/19 10:01 AM, Fabiano Fidêncio wrote:
> Let's not expose user & admin passwords, either by having an option to
> be used to set those passwords or in the debug messages.
>
> 'CVE-2019-10183' has been assigned to the virt-install --unattended
> admin-password=xxx disclosure issue.
>
> Changes since v1:
> https://www.redhat.com/archives/virt-tools-list/2019-July/msg00013.html
> - passowrd -> password;
> - pwd.read().rstrip("\n\r") -> pwd.readline().rstrip("\n\r") + document
> this in our manpage;
> - create a new config, with the sanitised password, and use it to print
> the script content as a debug message;
>
> Fabiano Fidêncio (2):
> unattended: Read the passwords from a file
> unattended: Don't log user & admin passwords
>
> man/virt-install.pod | 24 ++++++++----
> tests/cli-test-xml/admin-password.txt | 1 +
> tests/cli-test-xml/user-password.txt | 3 ++
> tests/clitest.py | 18 +++++----
> virtinst/cli.py | 4 +-
> virtinst/install/unattended.py | 56 ++++++++++++++++++++-------
> 6 files changed, 76 insertions(+), 30 deletions(-)
> create mode 100644 tests/cli-test-xml/admin-password.txt
> create mode 100644 tests/cli-test-xml/user-password.txt
>
Fixed some pylint warnings and pushed
Thanks,
Cole
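An added sketch of the two changes the cover letter lists, not code from virt-manager or from this patch series: the password is taken from the first line of a file with `readline().rstrip("\n\r")`, and the debug message is rendered from a second config whose passwords are masked. `ScriptConfig`, `render_script`, `generate`, `MASK` and the two-line template are hypothetical names and constructed sample data.

```python
import io
import logging
import os
import tempfile
from dataclasses import dataclass, replace

MASK = "[REDACTED]"  # constructed placeholder, not a value from the patch

@dataclass(frozen=True)
class ScriptConfig:  # hypothetical stand-in for the install-script settings
    user_login: str
    user_password: str
    admin_password: str

def read_password_file(path):
    # Only the first line is the password; drop its line terminator.
    with open(path, "r", encoding="utf-8") as pwd:
        return pwd.readline().rstrip("\n\r")

def render_script(config):
    # Constructed two-line kickstart-style template.
    return (f"rootpw {config.admin_password}\n"
            f"user --name={config.user_login} --password={config.user_password}\n")

def generate(config, log):
    # The returned script keeps the secrets; the debug message is rendered
    # from a second config whose password fields are masked.
    safe = replace(config, user_password=MASK, admin_password=MASK)
    log.debug("Generated script:\n%s", render_script(safe))
    return render_script(config)

def demo():
    buf = io.StringIO()
    log = logging.getLogger("unattended-demo")
    log.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "user-password.txt")  # constructed file
        with open(path, "w", encoding="utf-8") as f:
            f.write("s3cret-user\nsecond line\n")
        cfg = ScriptConfig("demo", read_password_file(path), "s3cret-admin")
    script = generate(cfg, log)
    log.removeHandler(handler)
    return script, buf.getvalue()
```

`demo()` returns the real script and the captured debug output, so the two can be compared to confirm that no password reaches the log.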