Re: [PATCH] qemu.conf: update vnc_password docs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/05/2013 07:11 AM, Daniel P. Berrange wrote:
> On Wed, Jun 05, 2013 at 03:09:54PM +0200, Ján Tomko wrote:
>> QEMU does accept empty VNC passwords now and allows anyone
>> to connect with an empty password.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=969542
>> ---
>>  src/qemu/qemu.conf | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index cdf1ec4..49ef75f 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -62,9 +62,9 @@
>>  # VNC passwords. This parameter is only used if the per-domain
>>  # XML config does not already provide a password. To allow
>>  # access without passwords, leave this commented out. An empty
>> -# string will still enable passwords, but be rejected by QEMU,
>> -# effectively preventing any use of VNC. Obviously change this
>> -# example here before you set this.
>> +# string might either prevent any use of VNC or allow access
>> +# with an empty password depending on QEMU version. Obviously
>> +# change this example here before you set this.
>>  #
>>  #vnc_password = "XYZ12345"
> 
> NACK. This is not correct. This is a security flaw and regression
> in behaviour that must be fixed, if true.

Agreed - even if qemu has changed behavior on what the empty string
means, WE have documented it to mean no access permitted, and we MUST
stick with our definition (even if it means probing qemu's functionality
and behaving differently according to what qemu we are controlling).  We
already document that there is a difference between omitting the
vnc_password line item (allowing access) and supplying an empty string
(denying access).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]