[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (se
From: |
Paul Moore |
Subject: |
Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode |
Date: |
Thu, 03 May 2012 16:51:40 -0400 |
User-agent: |
KMail/4.8.2 (Linux/3.3.4-gentoo; KDE/4.8.2; x86_64; ; ) |
On Thursday, May 03, 2012 09:29:15 AM Daniel P. Berrange wrote:
> On Wed, May 02, 2012 at 03:32:56PM -0400, Paul Moore wrote:
> > static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
> > {
> > #ifdef _VNC_DEBUG
> >
> > @@ -2748,6 +2772,14 @@ void vnc_display_init(DisplayState *ds)
> >
> > dcl->idle = 1;
> > vnc_display = vs;
> >
> > + vs->fips = fips_enabled();
> > + VNC_DEBUG("FIPS mode %s\n", (vs->fips ? "enabled" : "disabled"));
> > +#ifndef _WIN32
> > + if (vs->fips) {
> > + syslog(LOG_NOTICE, "Disabling VNC password auth due to FIPS
> > mode\n"); + }
> > +#endif /* _WIN32 */
>
> I really think this should only be done if a password is actually set.
> With the code as it is, then every single time you launch a VM you're
> going to get this message in syslog, which makes it appear as if something
> is trying to illegally use passwords in FIPS mode. I feel this will cause
> admins/auditors to be worried about something being wrong, when in fact
> everything is normal.
Yep. I can see arguments for either location but I'll go ahead and move it in
v3 which I will be posting shortly.
--
paul moore
security and virtualization @ redhat
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, (continued)
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Daniel P. Berrange, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Daniel P. Berrange, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Daniel P. Berrange, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Daniel P. Berrange, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Paul Moore, 2012/05/03
- Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03
Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode,
Paul Moore <=
Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode, Alexander Graf, 2012/05/03