Re: [Qemu-devel] [PATCH] This patch adds a new block driver : iSCSI

[Daniel P. Berrange]

On Thu, Sep 15, 2011 at 08:51:00AM +1000, ronnie sahlberg wrote:
> On Thu, Sep 15, 2011 at 12:36 AM, Christoph Hellwig <address@hidden> wrote:
> ...
> >> > +/*
> >> > + * We support iscsi url's on the form
> >> > + * iscsi://[<username>%<password>@]<host>[:<port>]/<targetname>/<lun>
> >> > + */
> >
> > Is having username + password on the command line really a that good idea?
> > Also what about the more complicated iSCSI authentification schemes?
> 
> In general it is a very bad idea. For local use on a private box it is
> convenient to be able to use "<username>%<password>@" syntax.
> For use on a shared box, libiscsi supports an alternative method too
> by setting the username and/or password via environment variables :
> LIBISCSI_CHAP_USERNAME=...  LIBISCSI_CHAP_PASSWORD=...

Environement variables are only a tiny bit better, since this still allows
the password to leak to any processes which can read /proc/$PID/environ.
It is also undesirable wrt many distro trouble shooting tools (eg Fedora/
RHEL's sosreport) which capture the contents of /proc/$PID/environ as part
of their data collection process. This means your passwords will end up
in attachments to bugzilla / issue tracker tickets.

For block devs with encrypted QCow2 disks (and VNC/SPICE) QEMU requires the
password to be set via the monitor. Since this iscsi: protocol is part of
the block layer, IMHO, the password should be settable the same way via the
monitor

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|