@@ -146,6 +146,14 @@ library enabled as a cryptography provider.
Neither the ``nettle`` library, or the built-in cryptography provider are
supported on FIPS enabled hosts.
+``-spice password=string`` (since 6.0)
+''''''''''''''''''''''''''''''''''''''
+
+This option is insecure because the SPICE password remains visible in
+the process listing. This is replaced by the new ``password-secret``
+option which lets the password be securely provided on the command
+line using a ``secret`` object instance.
+
QEMU Machine Protocol (QMP) commands
------------------------------------
@@ -1926,6 +1926,10 @@ SRST
``password=<string>``
Set the password you need to authenticate.
+ This option is deprecated and insecure because it leaves the
+ password visible in the process listing. Use ``password-secret``
+ instead.
+
``password-secret=<secret-id>``
Set the ID of the ``secret`` object containing the password
you need to authenticate.
@@ -685,6 +685,10 @@ static void qemu_spice_init(void)
}
} else {
str = qemu_opt_get(opts, "password");
+ if (str) {
+ warn_report("'password' option is deprecated and insecure, "
+ "use 'password-secret' instead");
+ }
password = g_strdup(str);
}
With the new "password-secret" option, there is no reason to use the old inecure "password" option with -spice, so it can be deprecated. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/system/deprecated.rst | 8 ++++++++ qemu-options.hx | 4 ++++ ui/spice-core.c | 4 ++++ 3 files changed, 16 insertions(+)