[Libguestfs] [PATCH nbdkit] vddk: Disallow password=-

Eric Blake eblake at redhat.com
Mon Jun 1 17:31:37 UTC 2020


On 6/1/20 12:16 PM, Richard W.M. Jones wrote:

>> And I already see that you have the counterpart v2v patch that
>> hoists the reading of the password into v2v instead of worrying
>> about vddk; the v2v hack of using a temporary file "works" in spite
>> of our re-exec reading it twice, even if we want to eventually reach
>> the point where a more complex patch in the vddk plugin would only
>> read the password once before re-exec.
> 
> The other advantage with doing this in virt-v2v is that there is a
> place to clean up this temporary file.  There was as far as I could
> tell no easy way for nbdkit to reexec itself with
> password=+/tmp/<generated file> and have that file get cleaned up.
> Not a problem since the file is not large, but nicer not to leave
> passwords around if we can help it.

Sure there is:

user passes password=-
.config reads the password interactively, into a variable
re-exec code sees that we have a password string, so it calls:
  fd=open("/safe/temp/name", O_CREAT|O_EXCL|O_RDWR, 0600)
  unlink("/safe/temp/name")
  write(fd, password...)
  lseek(fd, 0, SEEK_SET)
  rewrite command-line to use password="-fd"
re-exec with altered command-line
  .config sees password=-N, reads from the temporary file, which closes 
the fd

That would also solve the fact that even with password=/path/to/file, 
our re-exec code is reading the password twice; or worse, with 
password=-4, we are not rewinding the file position of fd 4 (if it is 
seekable) and the re-exec is reading from the wrong position (worse if 
fd 4 is non-seekable, and we cannot rewind).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org
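
An added example (not part of the original message and not nbdkit code) of the sequence described above: the password goes into a temporary file that is unlinked before anything is written, and the descriptor is handed on at offset 0. It also shows the rewind problem from the last paragraph, where a second read of the same descriptor without lseek() returns nothing. The names stash_secret and read_secret and the /tmp template are assumptions, and mkstemp() stands in for the open() with O_CREAT|O_EXCL shown in the message.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Put secret in an already-unlinked temp file; return its fd at offset 0, or -1. */
int stash_secret(const char *secret)
{
    char path[] = "/tmp/pwXXXXXX";  /* constructed location */
    size_t len = strlen(secret);
    int fd = mkstemp(path);         /* O_CREAT|O_EXCL, mode 0600, no O_CLOEXEC */
    if (fd == -1)
        return -1;
    /* Drop the name at once: from here only the fd reaches the data. */
    if (unlink(path) == -1 || write(fd, secret, len) != (ssize_t)len ||
        lseek(fd, 0, SEEK_SET) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read up to cap-1 bytes (cap >= 1) from fd's current offset; return length or -1. */
ssize_t read_secret(int fd, char *buf, size_t cap)
{
    size_t got = 0;
    ssize_t n = 0;
    while (got < cap - 1 && (n = read(fd, buf + got, cap - 1 - got)) > 0)
        got += (size_t)n;
    buf[got] = '\0';
    return n < 0 ? -1 : (ssize_t)got;
}

int main(void)
{
    char buf[128];
    int fd = stash_secret("constructed-sample-password");
    if (fd == -1)
        return 1;
    /* The fd is inherited across exec, so the child can be given password=-N. */
    printf("child would get password=-%d\n", fd);
    printf("first read: %zd bytes\n", read_secret(fd, buf, sizeof buf));
    printf("no rewind:  %zd bytes\n", read_secret(fd, buf, sizeof buf));
    close(fd);
    return 0;
}
```

Because the file has no name once unlink() returns, there is nothing to clean up afterwards: the data is released when the last descriptor is closed.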



