[virt-tools-list] [virt-manager PATCH v2 0/2] unattended: Don't expose user & admin passwords
Fabiano Fidêncio fidencio at redhat.com
Wed Jul  3 14:01:27 UTC 2019

Let's not expose user & admin passwords, either by having an option to
be used to set those passwords or in the debug messages.

'CVE-2019-10183' has been assigned to the virt-install --unattended
admin-password=xxx disclosure issue.

Changes since v1:
https://www.redhat.com/archives/virt-tools-list/2019-July/msg00013.html
- passowrd -> password;
- pwd.read().rstrip("\n\r") -> pwd.readline().rstrip("\n\r") + document
  this in our manpage;
- create a new config, with the sanitised password, and use it to print
  the script content as a debug message;

Fabiano Fidêncio (2):
  unattended: Read the passwords from a file
  unattended: Don't log user & admin passwords

 man/virt-install.pod                  | 24 ++++++++----
 tests/cli-test-xml/admin-password.txt |  1 +
 tests/cli-test-xml/user-password.txt  |  3 ++
 tests/clitest.py                      | 18 +++++----
 virtinst/cli.py                       |  4 +-
 virtinst/install/unattended.py        | 56 ++++++++++++++++++++-------
 6 files changed, 76 insertions(+), 30 deletions(-)
 create mode 100644 tests/cli-test-xml/admin-password.txt
 create mode 100644 tests/cli-test-xml/user-password.txt
-- 
2.21.0
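
An added illustration of the two changes this cover letter describes, not code from the patches or from virt-manager: the password is taken from the first line of a file instead of a command-line option, and the debug message is rendered from a sanitised copy of the config. The function names, config keys, template and `[REDACTED]` placeholder are assumptions made for the example.

```python
import copy
import logging
import os
import tempfile

log = logging.getLogger("unattended-example")
REDACTED = "[REDACTED]"  # placeholder text chosen for this example


def read_password_file(path):
    """Return only the first line of the file, minus its line ending."""
    with open(path, "r", encoding="utf-8") as pwd:
        return pwd.readline().rstrip("\n\r")


def sanitised(config, secret_keys=("user_password", "admin_password")):
    """Copy of config that is safe to log; the original is left untouched."""
    safe = copy.deepcopy(config)
    for key in secret_keys:
        if safe.get(key):
            safe[key] = REDACTED
    return safe


def generate_script(template, config):
    """Render the install script, logging only the redacted rendering."""
    log.debug("Generated script:\n%s", template.format(**sanitised(config)))
    return template.format(**config)


def demo():
    # Constructed sample: a password file with extra lines after the first.
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write("s3cret-admin\r\nthis line is ignored\n")
        config = {"user_login": "test", "user_password": None,
                  "admin_password": read_password_file(path)}
    finally:
        os.unlink(path)
    template = "rootpw {admin_password}\nuser --name={user_login}\n"  # constructed
    return config, template.format(**sanitised(config)), generate_script(template, config)


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    demo()
```

The real config object is only ever passed to the renderer whose output goes to the guest; anything headed for a log goes through `sanitised()` first.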
    
    