From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Christoph Egger" <Christoph.Egger@amd.com>
Subject: Re: ioemu: empty vnc passwd
Date: Wed, 23 Jan 2008 17:19:33 +0100
Message-ID: <200801231719.34142.Christoph.Egger@amd.com>
References: <20080123161130.GD5188@implementation.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain;
 charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <20080123161130.GD5188@implementation.uk.xensource.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: xen-devel@lists.xensource.com
Cc: Samuel Thibault <samuel.thibault@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org


If we do a debug build let us assume we are in a testing environment.
There an empty vnc password is ok.
If we don't make a debug build, let us assume we are in a production=20
environment where an empty vnc password is a security risk.

Christoph


On Wednesday 23 January 2008 17:11:30 Samuel Thibault wrote:
> Hello,
>
> There is a small bug in xenstore.c: the following patch is needed
> because else xenstore_read_vncpasswd would return 0 even when it is
> unable to read the passwd.
>
> diff -r 9e92672385a5 tools/ioemu/xenstore.c
> --- a/tools/ioemu/xenstore.c	Wed Jan 23 13:37:03 2008 +0000
> +++ b/tools/ioemu/xenstore.c	Wed Jan 23 15:53:01 2008 +0000
> @@ -518,7 +518,7 @@ int xenstore_read_vncpasswd(int domid, c
>          pwbuf[0] =3D '\0';
>          free(uuid);
>          free(path);
> -        return rc;
> +        return -1;
>      }
>
>      for (i=3D0; i<len && i<pwbuflen; i++) {
>
> However, that means we can't use an empty passwd any more, while that
> may be quite useful e.g. in testing environments, so that we would need
> the following patch:
>
> diff -r 9e92672385a5 tools/ioemu/vl.c
> --- a/tools/ioemu/vl.c	Wed Jan 23 13:37:03 2008 +0000
> +++ b/tools/ioemu/vl.c	Wed Jan 23 15:55:38 2008 +0000
> @@ -7756,8 +7756,7 @@ int main(int argc, char **argv)
>  	int vnc_display_port;
>  	char password[20];
>  	vnc_display_init(ds);
> -	if (xenstore_read_vncpasswd(domid, password, sizeof(password)) < 0)
> -	    exit(0);
> +	xenstore_read_vncpasswd(domid, password, sizeof(password));
>  	vnc_display_password(ds, password);
>  	if ((vnc_display_port =3D vnc_display_open(ds, vnc_display, vncunused))=
 <
> 0) exit (0);
>
> in order to just ignore a missing passwd.
> What do people think about that?
>
> Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel



=2D-=20
AMD Saxony, Dresden, Germany
Operating System Research Center

Legal Information:
AMD Saxony Limited Liability Company & Co. KG
Sitz (Gesch=E4ftsanschrift):
   Wilschdorfer Landstr. 101, 01109 Dresden, Deutschland
Registergericht Dresden: HRA 4896
vertretungsberechtigter Komplement=E4r:
   AMD Saxony LLC (Sitz Wilmington, Delaware, USA)
Gesch=E4ftsf=FChrer der AMD Saxony LLC:
   Dr. Hans-R. Deppe, Thomas McCoy