[virt-tools-list] [virt-manager PATCH 0/2] unattended: Don't expose user & admin passwords
Fabiano Fidêncio
fidencio at redhat.com
Tue Jul 2 19:21:43 UTC 2019
Let's not expose user & admin passwords neither by having an option to
be used to set those passwords nor in the debug messages.
'CVE-2019-10183' has been assigned to the virt-install --unattended
admin-password=xxx disclosure issue.
Fabiano Fidêncio (2):
unattended: Read the passwords from a file
unattended: Don't log user & admin passwords
man/virt-install.pod | 14 +++++++---
tests/cli-test-xml/admin-password.txt | 1 +
tests/cli-test-xml/user-password.txt | 3 +++
tests/clitest.py | 18 +++++++------
virtinst/cli.py | 4 +--
virtinst/install/unattended.py | 38 ++++++++++++++++++---------
6 files changed, 52 insertions(+), 26 deletions(-)
create mode 100644 tests/cli-test-xml/admin-password.txt
create mode 100644 tests/cli-test-xml/user-password.txt
--
2.21.0
More information about the virt-tools-list
mailing list