From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [PATCH] vnclisten for HVM vnc
Date: Wed, 27 Sep 2006 21:02:39 +0100
Message-ID: <20060927200239.GS20056@redhat.com>
References: <1157216132.2805.4.camel@aglarond.local>
	<1159385776.16252.17.camel@orodruin.boston.redhat.com>
	<20060927194202.GP20056@redhat.com>
	<1159387052.16252.20.camel@orodruin.boston.redhat.com>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <1159387052.16252.20.camel@orodruin.boston.redhat.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Jeremy Katz <katzj@redhat.com>
Cc: xen-devel <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

On Wed, Sep 27, 2006 at 03:57:31PM -0400, Jeremy Katz wrote:
> On Wed, 2006-09-27 at 20:42 +0100, Daniel P. Berrange wrote:
> > On Wed, Sep 27, 2006 at 03:36:16PM -0400, Jeremy Katz wrote:
> > > On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote:
> > > > Implement a 'vnclisten' option to limit the interface that the VNC
> > > > server from qemu listens on.  This leaves the default behavior as
> > > > listening on all interfaces.
> > > > 
> > > > Signed-off-by: Jeremy Katz <katzj@redhat.com>
> > > 
> > > danpb said something about this and it reminded me I never saw any
> > > feedback.... Bueller? :-)
> > 
> > IMHO, we should only listen on 127.0.0.1  by default - particularly since
> > the Xen 3.0.3 release isn't going to have password authentication on the
> > VNC servers yet :-(   It'll be all too easy for someone to turn on VNC
> > in the guest config & not realize they just opened themselves up to any
> > person on the network by default. That kind of default insecure behaviour 
> > is best left in the Windows world 
> 
> I don't necessarily disagree, but changing the semantics like that felt
> a little bit ugly to me -- it definitely leads to a case where going
> from 3.0.2 -> 3.0.3 would break configurations users were actively
> using.

It is a painful problem I agree, but I think the security benefit is worth
the pain of breaking user's existing configs. Its not a difficult task for
users to re-enable the wide-open-to-anyone config if they really do need
it.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|