Re: [PATCH 4/4] bhyve: add VNC password support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6 May 2020, at 15:41, Daniel P. Berrangé wrote:
On Linux at least, providing passwords on the command line is considered
a security flaw, because any user can see the command line args of any
other process on the host.

Agreed. The only reason bhyve supports this is to support VNC clients that don’t support password-less authentication. Since it doesn’t have any configuration file, and stdin may be used by the client, I’m unsure what the alternative would be.

If CLI args of processes are similarly visible to other users on FreeBSD,
then this VNC password would be a security flaw.
They are by default, however FreeBSD does have a sysctl that disallows seeing other user’s processes. Since a few versions, users can easily configure this sysctl in the FreeBSD installer.

Of course VNC password auth scheme itself is a security flaw since it is
using Single-DES :-)

The bhyve(8) man page states that too:

This type of authentication is known to be cryptographically weak and is not intended for use on untrusted networks. Many implementations will want to use stronger security, such as running the session over an encrypted
channel provided by IPsec or SSH.

(On a side note, it seems that Single-DES got even more broken recently: https://eprint.iacr.org/2020/523)

I guess this is something that should probably also be added to that man page. Should we add a comment about this as well as the password being visible to the docs on libvirt’s side?






[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux