[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NON
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH] vnc: refuse to set a password with VNC_AUTH_NONE |
Date: |
Wed, 11 Dec 2013 17:43:14 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130923 Thunderbird/17.0.9 |
Il 11/12/2013 17:29, Gerd Hoffmann ha scritto:
> On Mi, 2013-12-11 at 17:06 +0100, Paolo Bonzini wrote:
>> Il 11/12/2013 16:54, Gerd Hoffmann ha scritto:
>>> Current code silently changes the authentication settings
>>> in case you try to set a password without password authentication
>>> turned on. This is bad. Return an error instead.
>>>
>>> If we want allow changing auth settings at runtime this should
>>> be done explicitly using a separate monitor command, not as
>>> side effect of set_passwd.
>>>
>>> Signed-off-by: Gerd Hoffmann <address@hidden>
>>
>> Isn't this backwards-incompatible?
>
> Yes. I think it is the correct thing nevertheless.
Fine by me, let's just make sure we document it well. Can you start the
2.0 changelog wiki page?
> Users which want a passwort protected guests should configure vnc
> correctly to avoid a unprotected window between qemu start and setting
> the password.
>
> Also note that enabling passwd auth via "set_passwd" side-effect
> bypasses fips restrictions.
That'd be a clear bug, even one that could be fixed in stable versions.
Paolo
> So this is a clear security improvement IMHO.
>
> cheers,
> Gerd
>
>
>