From: Avi Kivity
Subject: Re: [PATCH 1/2] kvm tools: Export DISPLAY ENV as our default host ip address
Date: Wed, 05 Sep 2012 12:29:47 +0300
Message-ID: <50471B8B.5060701@redhat.com>
References: <1345807781-23452-1-git-send-email-asias.hejun@gmail.com> <5045FD1E.2080602@redhat.com> <50470592.4090002@redhat.com>
Cc: Pekka Enberg, Sasha Levin, Ingo Molnar, Cyrill Gorcunov, kvm@vger.kernel.org
To: Asias He

On 09/05/2012 12:19 PM, Asias He wrote:
> On Wed, Sep 5, 2012 at 3:56 PM, Avi Kivity wrote:
>> On 09/05/2012 09:03 AM, Asias He wrote:
>>> On Tue, Sep 4, 2012 at 9:07 PM, Avi Kivity wrote:
>>>> On 08/24/2012 02:29 PM, Asias He wrote:
>>>>> It is useful to run an X program in guest and display it on host.
>>>>>
>>>>> 1) Make host's x server listen to localhost:6000
>>>>>    host_shell$ socat -d -d TCP-LISTEN:6000,fork,bind=localhost \
>>>>>        UNIX-CONNECT:/tmp/.X11-unix/X0
>>>>>
>>>>> 2) Start the guest and run X program
>>>>>    host_shell$ lkvm run -k /boot/bzImage
>>>>>    guest_shell$ xlogo
>>>>>
>>>>
>>>> Note, this is insecure, don't do this with untrusted guests.
>>>
>>> In this use case, the user on the host side should trust the guest.
>>>
>>> Btw, any attack the untrusted guests can do with the X port which host listens?
>>
>> Steal the entire display, record user keystrokes, present false information.
>
> OK.
>
>> btw, how did it work? You need the xauth cookie for this to work,
>> or disable authentication.
>
> The trick here is just listening tcp x11 port (only on localhost) and
> forwarding the tcp x11 data to local socket.
> The auth stuff should be done by the host side normal X11 setup.
>

Ok. Then the socat command not only exposes the display to the guest,
but also to any local process with access to localhost:6000.

--
error compiling committee.c: too many arguments to function
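
An added example, not part of the thread or of the kvm tools code: a check for the exposure described in the last reply, listing IPv4 TCP listeners in the X11 port range (6000 plus the display number) from `/proc/net/tcp` text and stating who can reach each one. The sample table is constructed, the display range :0 to :63 is an assumption, and the address decoding assumes a little-endian host.

```python
import ipaddress

X11_BASE = 6000        # display :N is served on TCP port 6000+N
X11_MAX_DISPLAY = 63   # assumption: audit displays :0 through :63
TCP_LISTEN = 0x0A      # LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# row 0 is the socat listener from the thread, row 2 a wildcard X11 listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41234
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111
   2: 00000000:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41300
   3: 0100007F:1770 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 41299
"""


def x11_tcp_listeners(proc_net_tcp):
    """Return IPv4 TCP listeners on X11 display ports (tcp6 is not covered)."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if not X11_BASE <= port <= X11_BASE + X11_MAX_DISPLAY:
            continue
        # Address is a host-order 32-bit word; assumes a little-endian host.
        ip = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
        if ip.is_loopback:
            reach = "any local process"
        elif ip.is_unspecified:
            reach = "any host that can route to this machine"
        else:
            reach = "hosts that can reach " + str(ip)
        findings.append({"display": port - X11_BASE, "bind": str(ip),
                         "port": port, "uid": int(fields[7]), "reach": reach})
    return findings


if __name__ == "__main__":
    for f in x11_tcp_listeners(SAMPLE):
        print("display :{display} on {bind}:{port} (uid {uid}) -> {reach}".format(**f))
```

On a Linux host, pass the contents of `/proc/net/tcp` to `x11_tcp_listeners` instead of `SAMPLE`.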