[PATCH 04/11] virStorageBackendISCSISetAuth: Don't bother securely erasing password
Daniel P. Berrangé
berrange at redhat.com
Mon Dec 12 09:10:33 UTC 2022
On Fri, Dec 09, 2022 at 05:28:56PM +0100, Peter Krempa wrote:
> We fetch the password via RPC so it's already contained in an
> un-sanitized buffer and pass it to 'iscsiadm' via virCommand where it's
> in another un-sanitized buffer (and on the commandline!!).
Just because there are other places in the code which are not
perfect, doesn't mean we should delete this.
Note, if iscsiadm really forces us to pass secrets on the CLI, that
is a significant flaw in its design, that really needs to be reported
as a security bug against iscsiadm IMHO. They need to provide a secure
channel to receiving passwords.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list