rpms / libosinfo

Clone
Source Code
GIT

Blame SOURCES/0012-tools-install-script-Deprecate-config-user-admin-pas.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   0012-tools-install-script-Deprecate-config-user-admin-pas.patch
Blob History Raw
0a59fa 
From 3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc Mon Sep 17 00:00:00 2001
0a59fa 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
0a59fa 
Date: Wed, 3 Jul 2019 14:59:07 +0200
0a59fa 
Subject: [PATCH] tools,install-script: Deprecate --config
0a59fa 
 {user,admin}-password
0a59fa 
MIME-Version: 1.0
0a59fa 
Content-Type: text/plain; charset=UTF-8
0a59fa 
Content-Transfer-Encoding: 8bit
0a59fa
0a59fa 
Let's deprecate user-password and admin-password options of --config and
0a59fa 
also warn out whenever they're passed to osinfo-install-script.
0a59fa
0a59fa 
CVE-2019-13313
0a59fa 
Libosinfo: osinfo-install-script option leaks password via command line
0a59fa 
argument. 'osinfo-install-script' is used to generate a script for
0a59fa 
automated guest installations. It accepts user and admin passwords via
0a59fa 
command line arguments, thus leaking them via process listing.
0a59fa
0a59fa 
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
0a59fa 
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
0a59fa 
---
0a59fa 
 tools/osinfo-install-script.c | 10 ++++++++++
0a59fa 
 1 file changed, 10 insertions(+)
0a59fa
0a59fa 
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
0a59fa 
index af58440..c0528e7 100644
0a59fa 
--- a/tools/osinfo-install-script.c
0a59fa 
+++ b/tools/osinfo-install-script.c
0a59fa 
@@ -85,6 +85,12 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
0a59fa 
     val++;
0a59fa 
     key = g_strndup(value, len);
0a59fa
0a59fa 
+    if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
0a59fa 
+        g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
0a59fa 
+        g_warning("When setting user or admin password, use --config-file "
0a59fa 
+                  "instead.\n");
0a59fa 
+    }
0a59fa 
+
0a59fa 
     osinfo_entity_set_param(OSINFO_ENTITY(config),
0a59fa 
                             key,
0a59fa 
                             val);
0a59fa 
@@ -556,10 +562,14 @@ The local language
0a59fa 
 =item C<admin-password>
0a59fa
0a59fa 
 The administrator password
0a59fa 
+This option has been deprecated, use B<--config-file>
0a59fa 
+for setting the admin password.
0a59fa
0a59fa 
 =item C<user-password>
0a59fa
0a59fa 
 The user password
0a59fa 
+This option has been deprecated, use B<--config-file>
0a59fa 
+for setting the user password.
0a59fa
0a59fa 
 =item C<user-login>
0a59fa
0a59fa 
--
0a59fa 
2.21.0
0a59fa

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation