From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: ioemu: empty vnc passwd
Date: Wed, 23 Jan 2008 17:43:38 +0000
Message-ID: <20080123174338.GE17258@redhat.com>
References: <20080123161130.GD5188@implementation.uk.xensource.com>
	<20080123163555.GF24352@redhat.com>
	<20080123172614.GD18326@totally.trollied.org.uk>
	<20080123173341.GD17258@redhat.com>
	<20080123173820.GE18326@totally.trollied.org.uk>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <20080123173820.GE18326@totally.trollied.org.uk>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: John Levon <levon@movementarian.org>
Cc: xen-devel@lists.xensource.com, Samuel Thibault <samuel.thibault@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

On Wed, Jan 23, 2008 at 05:38:20PM +0000, John Levon wrote:
> On Wed, Jan 23, 2008 at 05:33:41PM +0000, Daniel P. Berrange wrote:
> 
> > > I'm confused: if there's no config or xend password at all, then the
> > > domain won't start:
> > > 
> > >             if vncpasswd is None:
> > >                 raise VmError('vncpasswd is not setup in vmconfig or '
> > >                               'xend-config.sxp')
> > 
> > Sorry, my bad description - by no xend password, i meant the default
> > xend-config.sxp which is in fact  ''.  Frankly this check above is
> > a waste of time - it should just treat None as ""
> 
> Except on Solaris we don't have such a default - the user's forced to
> set something (there doesn't seem to be even a vaguely secure default?)

There's no sane default for VNC passwords - whether you have on or not
its still basically insecure due to design of the VNC auth, hence the
config just defaults to '' & 127.0.0.1 which is as good as you'll get 
for VNC over TCP. 

If we wanted a real secure out of the box setup, we'd need to make XenD 
only expose the VNC server as a UNIX domain socket, so that access can
be restricted to root. QEMU has this ability already - we simply don't
use it in Xen. Of course no VNC client knows how to connect to a VNC 
server over a UNIX domain socket directly. You can use netcat + ssh to
tunnel to/from a remote host. I could also extend GTK-VNC & virt-manager
and/or virt-viewer to support it pretty easily.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|