[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Possible security enhancement for QEMU
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] Possible security enhancement for QEMU |
Date: |
Mon, 29 Dec 2014 21:26:45 +0000 |
On 29 December 2014 at 19:09, Attila-Mihaly Balazs <address@hidden> wrote:
> My suggestion for improvement would be:
> - change the behaviour of "-vnc :port" such that it listens on "127.0.0.1"
> when the IP isn't specified
> - if host is "0.0.0.0" (perhaps also include any routable IPv4 addresses -
> and non-link-local IPv6 addresses) and no authentication method is specified
> error out with a message like "It is recommended that you DO NOT expose the
> VNC server directly to the public internet. If you are sure of what you are
> doing, please specify an authentication method for the VNC server. See the
> documentation for more details"
Seems reasonable to me. Some questions:
* do we need an option for "yes, I know what I'm doing and do not
want any authentication" ?
* how many of these VMs are configured for wide-open VNC by libvirt or
similar management tool rather than by the user directly running QEMU?
thanks
-- PMM