On 6/1/20 12:16 PM, Richard W.M. Jones wrote:
>> And I already see that you have the counterpart v2v patch that
>> hoists the reading of the password into v2v instead of worrying
>> about vddk; the v2v hack of using a temporary file "works" in spite
>> of our re-exec reading it twice, even if we want to eventually reach
>> the point where a more complex patch in the vddk plugin would only
>> read the password once before re-exec.
>
> The other advantage with doing this in virt-v2v is that there is a
> place to clean up this temporary file. There was as far as I could
> tell no easy way for nbdkit to reexec itself with
> password=+/tmp/<generated file> and have that file get cleaned up.
> Not a problem since the file is not large, but nicer not to leave
> passwords around if we can help it.

Sure there is:

  user passes password=-
  .config reads the password interactively, into a variable
  re-exec code sees that we have a password string, so it calls:
    fd=open("/safe/temp/name", O_CREAT|O_EXCL|O_RDWR, 0600)
    unlink("/safe/temp/name")
    write(fd, password...)
    lseek(fd, 0, SEEK_SET)
  rewrite command-line to use password="-fd"
  re-exec with altered command-line
  .config sees password=-N, reads from the temporary file, which closes
  the fd

That would also solve the fact that even with password=/path/to/file,
our re-exec code is reading the password twice; or worse, with
password=-4, we are not rewinding the file position of fd 4 (if it is
seekable) and the re-exec is reading from the wrong position (worse if
fd 4 is non-seekable, and we cannot rewind).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
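
Added example, not part of the original message and not nbdkit's own code: a C version of the hand-off described above, where the secret is parked in an already-unlinked temporary file before re-exec and read back from the inherited descriptor afterwards. The names stash_secret and read_secret_fd, the /tmp template and the sample secret are assumptions, and mkstemp() stands in for the open(O_CREAT|O_EXCL|O_RDWR, 0600) call in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Before re-exec: write the secret to a temp file that is unlinked at once;
 * return an fd rewound to offset 0 (no O_CLOEXEC, so exec keeps it), or -1. */
int stash_secret(const char *secret)
{
    char path[] = "/tmp/pwXXXXXX";          /* constructed template */
    size_t len = strlen(secret), done = 0;
    int fd = mkstemp(path);                 /* O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    unlink(path);                           /* nothing left to clean up later */
    while (done < len) {
        ssize_t n = write(fd, secret + done, len - done);
        if (n > 0) done += (size_t)n;
        else if (n == 0 || errno != EINTR) { close(fd); return -1; }
    }
    if (lseek(fd, 0, SEEK_SET) != 0) { close(fd); return -1; }
    return fd;
}

/* After re-exec: read the secret from the inherited fd and close it, which
 * frees the file. Returns the length, or -1 on error or if it does not fit. */
ssize_t read_secret_fd(int fd, char *buf, size_t cap)
{
    size_t got = 0;
    ssize_t n = 0;
    while (got < cap && (n = read(fd, buf + got, cap - got)) != 0) {
        if (n > 0) got += (size_t)n;
        else if (errno != EINTR) break;
    }
    close(fd);
    if (n < 0 || got == cap) return -1;     /* read error, or no room for NUL */
    buf[got] = '\0';
    return (ssize_t)got;
}

int main(void)
{
    char buf[64];
    int fd = stash_secret("constructed-secret");   /* stands in for typed input */
    if (fd < 0) return 1;
    /* a real caller would exec here with password=-<fd> on the command line */
    return read_secret_fd(fd, buf, sizeof buf) < 0;
}
```

Because the file has no name once stash_secret returns, closing the descriptor in the re-executed process is the only cleanup needed.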