On Wed, Sep 5, 2012 at 4:00 PM, Pekka Enberg <penberg@xxxxxxxxxx> wrote: > On 08/24/2012 02:29 PM, Asias He wrote: >>> It is useful to run a X program in guest and display it on host. >>> >>> 1) Make host's x server listen to localhost:6000 >>> host_shell$ socat -d -d TCP-LISTEN:6000,fork,bind=localhost \ >>> UNIX-CONNECT:/tmp/.X11-unix/X0 >>> >>> 2) Start the guest and run X program >>> host_shell$ lkvm run -k /boot/bzImage >>> guest_shell$ xlogo > > On Tue, Sep 4, 2012 at 4:07 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >> Note, this is insecure, don't do this with untrusted guests. > > Asias, can we add a command line argument that enables this? It'd be > safer to keep it disabled by default. Step 1) is not started by lkvm, if user does not run the socat cmd in host side, the remote display for guest will not work at all. This patch only set DISPLAY env to host IP. if user runs the socat cmd in host side, even if without the exporting DISPLAY env, the untrusted guest can also do the attack. -- Asias He -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
