From: Paul Moore
Date: Tue, 05 Jun 2012 18:06:49 -0400
Message-ID: <58221974.kN8gObynPi@sifl>
References: <20120502193256.6508.86360.stgit@sifl> <19991522.vNS8Qaqbpf@sifl>
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode
To: Alexander Graf
Cc: qemu-devel Developers, Anthony Liguori, Roman Drahtmueller

On Tuesday, June 05, 2012 11:51:40 PM Alexander Graf wrote:
> On 05.06.2012, at 23:45, Paul Moore wrote:
> > On Tuesday, June 05, 2012 03:08:26 AM Alexander Graf wrote:
> >> Which gets me to a new idea. Why not exit(1) when we detect FIPS and a
> >> password is set? I agree with the assessment that we should never
> >> silently drop features. So the best way to make sure that the user knows
> >> he did something stupid (enable FIPS, but require a non-FIPS compliant
> >> authentication method) would be to just quit, no?
> >
> > That is basically what the patch does now. In vnc_display_open() if it
> > detects that the user has supplied a VNC password it prints an error to
> > stderr and returns an error which causes QEMU to exit.
> >
> > The error message displayed is shown below:
> >
> > "VNC password auth disabled due to FIPS mode, consider using the VeNCrypt
> > or SASL authentication methods as an alernative"
> >
> > ... which seems pretty obvious to me. If anyone would prefer something
> > different, let me know.
>
> No, as long as the spelling is actually correct and not the one above,
> that's perfectly fine.

What, not a fan of my "alernative" spelling? Fixed in the next version of the patch :)

> I just have a habit of not reading the patches I comment on :).

If nothing else, it makes the discussions much more interesting :)

> > On Tuesday, June 05, 2012 09:23:04 AM Anthony Liguori wrote:
> >> I think my primary requirement is: allow a user to use vnc authentication
> >> even when fips mode is active by using some command line option.
> >
> > I'll agree that FIPS mode can be a bit silly in the case of QEMU and VNC
> > but to be honest, that requirement above seems just as silly to me, if
> > not more so. However, if making this behavior optional is what it takes
> > to get the patch accepted, so be it.
> >
> > I'll start working on v4 of the patch tomorrow.
>
> Let's just wait for Anthony to reply ...

Fine with me, I've got plenty else to do in the meantime and I don't think this is 1.1 material anyway.

-- 
paul moore
security and virtualization @ redhat