From 58c68764505acd3eedae6d72e6a15493a18029db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 3 Jul 2019 16:01:28 +0200 Subject: unattended: Read the passwords from a file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's not expose the user/root password in the CLI and, instead, let's rely on a file passed by the admin and read the password from there. 'CVE-2019-10183' has been assigned to the virt-install --unattended admin-password=xxx disclosure issue. Reviewed-by: Cole Robinson Signed-off-by: Fabiano FidĂȘncio --- man/virt-install.pod | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'man') diff --git a/man/virt-install.pod b/man/virt-install.pod index d8bd4127..081f28c3 100644 --- a/man/virt-install.pod +++ b/man/virt-install.pod @@ -612,13 +612,23 @@ Choose which libosinfo unattended profile to use. Most distros have a 'desktop' and a 'jeos' profile. virt-install will default to 'desktop' if this is unspecified. -=item B - -Set the VM OS admin/root password - -=item B - -Set the VM user password. The username is your current host username +=item B + +A file used to set the VM OS admin/root password from. This option can +be used either as "admin-password-file=/path/to/password-file" or as +"admin-password-file=/dev/fd/n", being n the file descriptor of the +password-file. +Note that only the first line of the file will be considered, including +any whitespace characters and excluding new-line. + +=item B + +A file used to set the VM user password. This option can be used either as +"user-password-file=/path/to/password-file" or as +"user-password-file=/dev/fd/n", being n the file descriptor of the +password-file. The username is your current host username. +Note that only the first line of the file will be considered, including +any whitespace characters and excluding new-line. =item B -- cgit v1.2.1