Description of problem: The password and user for the authentication towards libvirt are static, the user is vdsm@ovirt and the password is in gerrit and never gets changed after installation: http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm/libvirt_password;h=09e60bce9bc401bb8943154f7cb9cb08bd0f49da;hb=refs/heads/master Version-Release number of selected component (if applicable): latest master and also present in 3.3.2 production release. How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: everyone with access to the sourcecode (so: everyone) can interact with libvirt, once access to the hypervisor machine is gained Expected results: generate a random password, use diffie-hellman, anything secure, but no static password for the whole userbase of ovirt. Additional info:
The "password" that Vdsm uses to communicate with libvirt over the host-local vdsm-owned unix domain socket is NOT a security measure. It is an obfuscation of the read/write libvirt interface, designed to deter local administrators from changing libvirt directly. Cf. bug 570526 about the sad history of this request.
*** Bug 1309769 has been marked as a duplicate of this bug. ***