From: Anthony Liguori <aliguori@linux.vnet.ibm.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Neil Wilson <neil@aldur.co.uk>, Gerd Hoffmann <kraxel@redhat.com>,
qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] vnc: Fix password expiration through 'change vnc ""'
Date: Mon, 14 Feb 2011 08:14:07 -0600 [thread overview]
Message-ID: <4D5938AF.904@linux.vnet.ibm.com> (raw)
In-Reply-To: <20110214122410.GG2729@redhat.com>
On 02/14/2011 06:24 AM, Daniel P. Berrange wrote:
> On Mon, Feb 14, 2011 at 06:10:04AM -0600, Anthony Liguori wrote:
>
>> On 02/14/2011 04:57 AM, Gerd Hoffmann wrote:
>>
>>> On 01/31/11 21:43, Anthony Liguori wrote:
>>>
>>>> commit 52c18be9e99dabe295321153fda7fce9f76647ac introduced a
>>>> regression in the
>>>> change vnc password command that changed the behavior of setting the VNC
>>>> password to an empty string from disabling login to disabling
>>>> authentication.
>>>>
>>>> This commit refactors the code to eliminate this overloaded semantics in
>>>> vnc_display_password and instead introduces the
>>>> vnc_display_disable_login. The
>>>> monitor implementation then determines the behavior of an empty
>>>> or missing
>>>> string.
>>>>
>>> Hmm, now about simply never ever changing vs->auth?
>>>
>> If auth is none and you do a vnc change password "" then if we don't
>> set vs->auth to vnc, it won't have the desired effect. I really
>> dislike the semantics of this command but that was a past mistake.
>>
> Actually blindly setting 'vs->auth' to 'vnc' is also a security flaw.
>
But this is the semantics of the command. I agree it's stupid but a
security flaw is a regression and this is not a regression.
This is why the set-password command no longer does any of this nonsense.
> If using the VeNCrypt security method, then 'vs->auth' will be VENCRYPT
> and the 'vs->subauth' will possibly indicate the 'VNC' sub-auth scheme.
> So we really do want the change password command to leave 'vs->auth'
> alone completely - just change the password string, with no side effects
> on auth methods. If an app intends to use the change password command
> it will have already launched QEMU with neccessary -vnc flags to set the
> desired vs->auth and vs->subauth methods.
>
I think I see how this could work but I'm not sure it's worth doing.
I'd rather just leave the (bad) semantics of this command alone and
deprecate the interface.
Regards,
Anthony Liguori
> Regards,
> Daniel
>
next prev parent reply other threads:[~2011-02-14 14:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-31 20:43 [Qemu-devel] [PATCH] vnc: Fix password expiration through 'change vnc ""' Anthony Liguori
2011-01-31 21:32 ` Anthony Liguori
2011-02-03 16:29 ` [Qemu-devel] " Daniel P. Berrange
2011-02-03 16:35 ` Anthony Liguori
2011-02-03 17:02 ` Daniel P. Berrange
2011-02-03 17:16 ` Anthony Liguori
2011-02-04 8:56 ` Markus Armbruster
2011-02-14 10:57 ` Gerd Hoffmann
2011-02-14 12:10 ` Anthony Liguori
2011-02-14 12:24 ` Daniel P. Berrange
2011-02-14 14:14 ` Anthony Liguori [this message]
2011-02-14 14:47 ` Daniel P. Berrange
2011-02-14 13:56 ` Gerd Hoffmann
2011-02-14 14:16 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D5938AF.904@linux.vnet.ibm.com \
--to=aliguori@linux.vnet.ibm.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=neil@aldur.co.uk \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.