login: warn about --password on command line

This isn't safe, since every commands arguments are available via /proc/<pid>/cmdline. Let's print a nasty warning and then add a --password-file option, so people can use a password file instead if they want automated access. Signed-off-by: Tycho Andersen <tycho@tycho.ws>
docker · Jun 20, 2017 · fa92e4d · fa92e4d
1 parent 6f6ccbd
commit fa92e4d
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/cli/command/registry/login.go b/cli/command/registry/login.go
@@ -2,6 +2,8 @@ package registry
 
 import (
 	"fmt"
+	"io/ioutil"
+	"os"
 
 	"golang.org/x/net/context"
 
@@ -16,6 +18,7 @@ type loginOptions struct {
 	serverAddress string
 	user          string
 	password      string
+	passwordFile  string
 	email         string
 }
 
@@ -40,6 +43,7 @@ func NewLoginCommand(dockerCli command.Cli) *cobra.Command {
 
 	flags.StringVarP(&opts.user, "username", "u", "", "Username")
 	flags.StringVarP(&opts.password, "password", "p", "", "Password")
+	flags.StringVarP(&opts.passwordFile, "password-file", "f", "", "Password file whose contents are the password itself")
 
 	return cmd
 }
@@ -48,6 +52,34 @@ func runLogin(dockerCli command.Cli, opts loginOptions) error {
 	ctx := context.Background()
 	clnt := dockerCli.Client()
 
+	if opts.password != "" {
+		fmt.Fprintf(os.Stderr, "Using --password via the CLI is insecure. Please use --password-file.\n")
+	}
+
+	if opts.passwordFile != "" {
+		contents, err := ioutil.ReadFile(opts.passwordFile)
+		if err != nil {
+			return err
+		}
+
+		/* Trim off the last \n in the file, if it exists. Most people
+		 * don't have \ns in their password, and this allows stuff like
+		 * echo "password" > foo, without having to remember to pass
+		 * -n, or vi, which can be configured to automatically append
+		 * newlines, etc.
+		 *
+		 * For users that do have a \n as the last character of their
+		 * password, they need to store it as \n\n. I think this
+		 * conforms to the principle of least surprise, but I could be
+		 * wrong :)
+		 */
+		if contents[len(contents)-1] == '\n' {
+			contents = contents[:len(contents)-1]
+		}
+
+		opts.password = string(contents)
+	}
+
 	var (
 		serverAddress string
 		authServer    = command.ElectAuthServer(ctx, dockerCli)