qemu doesn't sanitize command line options carrying plaintext passwords
Bug #1136477 reported by
Frank Ch. Eigler
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| QEMU |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
A slight security problem exists with qemu's lack of sanitization of argv[], for cases where the user may have specified a plaintext password for spice/vnc authorization. (Yes, it's not great to use this facility, but it's convenient and not grotesquely unsafe, were it not for this bug.) It would be nice if those plaintext passwords were nuked from the command line, so a subsequent "ps awux" didn't show them for all to see.
Revision history for this message
| Anthony Liguori (anthony-codemonkey) wrote | #1 |
| information type: | Private Security → Private |
| information type: | Private → Public |
Revision history for this message
| Thomas Huth (th-huth) wrote | #2 |
| Changed in qemu: | |
| status: | New → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in qemu: | |
| status: | Incomplete → Expired |
To post a comment you must log in.
Hi,
Thanks for submitting this report. I've removed the security label from the bug after reading through the comments and the referenced bug. Modifying argv is not terribly portable and I think a reasonable person would expect that a password specified on the command line would be visible through a ps.
Patches would certainly be considered but I don't consider this a security issue. Just a request for an enhancement.