[Libosinfo] [libosinfo PATCH 2/2] tools, install-script: Do not accept user & admin password via --config
Fabiano Fidêncio
fidencio at redhat.com
Fri Jul 5 09:15:48 UTC 2019
On Fri, Jul 5, 2019 at 10:27 AM Fabiano Fidêncio <fidencio at redhat.com> wrote:
>
> As passing user & admin password via command line is a low impact CVE,
> let's error out when it's done and advertise the users to use
> --config-file instead.
>
> Signed-off-by: Fabiano Fidêncio <fidencio at redhat.com>
> ---
> tools/osinfo-install-script.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
> index efa96ee..3da4a69 100644
> --- a/tools/osinfo-install-script.c
> +++ b/tools/osinfo-install-script.c
> @@ -85,6 +85,15 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
> val++;
> key = g_strndup(value, len);
>
> + if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
> + g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
> + g_set_error(error, OSINFO_ERROR, 0,
> + _("When setting user or admin password, use "
> + "--config-file instead.\n"));
> + g_free(key);
> + return FALSE;
> + }
> +
> osinfo_entity_set_param(OSINFO_ENTITY(config),
> key,
> val);
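Review bot: the message passed to g_set_error() in the new password check ends with "\n" and does not say which key was rejected. GError messages are normally stored without a trailing newline so that the caller controls formatting when it prints them; drop the "\n" and consider including the key in the text (format it before the g_free(key) call) so a user who passed several --config options can see which one triggered the error. Note also that by the time this check runs the password has already been placed on the command line, so the rejection only stops the practice from continuing; the man page text is the place to state that plainly.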
> @@ -520,6 +529,8 @@ script. Defaults to C<media>, but can also be C<network>.
>
> Set the configuration parameter C<key> to C<value>.
>
> +Note: this option has been deprecated, use B<--config-file=> instead.
> +
> =item B<--config-file=config-file>
>
> Set the configurations parameters according to the config-file passed.
> --
> 2.21.0
>
Oops, with this diff included:
fidencio at laerte ~/src/upstream/libosinfo $ git diff
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 3da4a69..e641008 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -529,8 +529,6 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
-Note: this option has been deprecated, use B<--config-file=> instead.
-
=item B<--config-file=config-file>
Set the configurations parameters according to the config-file passed.
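Review bot: after the "Note: this option has been deprecated" line is removed, the B<--config> item says nothing about the two keys that handle_config() now rejects. A reader of that item alone will only learn about the restriction from the runtime error; add one sentence there stating that C<user-password> and C<admin-password> are refused via B<--config> and must be supplied through B<--config-file>.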
@@ -561,11 +559,11 @@ The local language
=item C<admin-password>
-The administrator password
+The administrator password (only supported via --config-file)
=item C<user-password>
-The user password
+The user password (only supported via --config-file)
=item C<user-login>
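Review bot: the two "(only supported via --config-file)" additions under C<admin-password> and C<user-password> write the option name as plain text, while the rest of this POD marks options up as B<--config-file>. Use B<--config-file> in both lines for consistent rendering, and consider saying that passing these keys via B<--config> is an error, since "only supported" does not tell the reader that the tool will exit.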