On Wed, Sep 5, 2012 at 3:56 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: > On 09/05/2012 09:03 AM, Asias He wrote: >> On Tue, Sep 4, 2012 at 9:07 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>> On 08/24/2012 02:29 PM, Asias He wrote: >>>> It is useful to run a X program in guest and display it on host. >>>> >>>> 1) Make host's x server listen to localhost:6000 >>>> host_shell$ socat -d -d TCP-LISTEN:6000,fork,bind=localhost \ >>>> UNIX-CONNECT:/tmp/.X11-unix/X0 >>>> >>>> 2) Start the guest and run X program >>>> host_shell$ lkvm run -k /boot/bzImage >>>> guest_shell$ xlogo >>>> >>> >>> Note, this is insecure, don't do this with untrusted guests. >> >> In this use case, the user on the host side should trust the guest. >> >> Btw, any attack the untrusted guests can do with the X port which host listens? > > Steal the entire display, record user keystrokes, present false information. OK. > btw, how did it work? The you need the xauth cookie for this to work, > or disable authentication. The trick here is just listening tcp x11 port(only on localhost) and forwarding the tcp x11 data to local socket. The auth sutff should be done by the host side normal X11 setup. -- Asias He -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
