Plaintext-specified passwords should be nuked from the later process-visible command line, making this a bit of a security risk. % qemu-kvm -vga qxl -spice port:NNN,password=FOOBAR & % ps awux [...shows FOOBAR...] It may be possible to correct this by updating argv[] string contents at run time.
While this feature exists, it is strongly recommended that no one use it. There is a secure way to provide a password via the monitor command, which all management apps including libvirt use in preference to this. I don't think it is worth going to the trouble of trying to munge argv. People should simply not use this feature at all.
(In reply to comment #1) > While this feature exists, it is strongly recommended that no one use it. > There is a secure way to provide a password via the monitor command, which > all management apps including libvirt use in preference to this. I don't > think it is worth going to the trouble of trying to munge argv. People > should simply not use this feature at all. Agreed. Frank, if you still feel strongly about it, please file an upstream qemu bug: https://bugs.launchpad.net/qemu/