On Wed, Sep 5, 2012 at 5:29 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: > On 09/05/2012 12:19 PM, Asias He wrote: >> On Wed, Sep 5, 2012 at 3:56 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>> On 09/05/2012 09:03 AM, Asias He wrote: >>>> On Tue, Sep 4, 2012 at 9:07 PM, Avi Kivity <avi@xxxxxxxxxx> wrote: >>>>> On 08/24/2012 02:29 PM, Asias He wrote: >>>>>> It is useful to run a X program in guest and display it on host. >>>>>> >>>>>> 1) Make host's x server listen to localhost:6000 >>>>>> host_shell$ socat -d -d TCP-LISTEN:6000,fork,bind=localhost \ >>>>>> UNIX-CONNECT:/tmp/.X11-unix/X0 >>>>>> >>>>>> 2) Start the guest and run X program >>>>>> host_shell$ lkvm run -k /boot/bzImage >>>>>> guest_shell$ xlogo >>>>>> >>>>> >>>>> Note, this is insecure, don't do this with untrusted guests. >>>> >>>> In this use case, the user on the host side should trust the guest. >>>> >>>> Btw, any attack the untrusted guests can do with the X port which host listens? >>> >>> Steal the entire display, record user keystrokes, present false information. >> >> OK. >> >>> btw, how did it work? The you need the xauth cookie for this to work, >>> or disable authentication. >> >> The trick here is just listening tcp x11 port(only on localhost) and >> forwarding the tcp x11 data to local socket. >> The auth sutff should be done by the host side normal X11 setup. >> > > Ok. Then the socat command not only exposes the display to the guest, > but also to any local process with access to localhost:6000. Yes. It is a trick for people with 'Xorg -nolisten tcp' enabled. -- Asias He -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
