ui: deprecate "password" option for SPICE server

With the new "password-secret" option, there is no reason to use the old inecure "password" option with -spice, so it can be deprecated. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210311114343.439820-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-11 11:43:43 +00:00 · 2021-03-11 11:43:43 +00:00 · c47c0bcb33
parent 99522f69d6
commit c47c0bcb33
3 changed files with 14 additions and 0 deletions
--- a/docs/system/deprecated.rst
+++ b/docs/system/deprecated.rst
@ -174,6 +174,14 @@ Input parameters that take a size value should only use a size suffix
 the value is hexadecimal.  That is, '0x20M' is deprecated, and should
 be written either as '32M' or as '0x2000000'.

+``-spice password=string`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
 QEMU Machine Protocol (QMP) commands
 ------------------------------------

--- a/qemu-options.hx
+++ b/qemu-options.hx
@ -1928,6 +1928,10 @@ SRST
    ``password=<string>``
        Set the password you need to authenticate.

+        This option is deprecated and insecure because it leaves the
+        password visible in the process listing. Use ``password-secret``
+        instead.
+
    ``password-secret=<secret-id>``
        Set the ID of the ``secret`` object containing the password
        you need to authenticate.
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@ -686,6 +686,8 @@ static void qemu_spice_init(void)
    } else {
        str = qemu_opt_get(opts, "password");
        if (str) {
+            warn_report("'password' option is deprecated and insecure, "
+                        "use 'password-secret' instead");
            password = g_strdup(str);
        }
    }