From: "Daniel P. Berrange" <berrange@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Gerd Hoffmann <kraxel@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
Date: Fri, 8 Oct 2010 11:08:41 +0100
Message-ID: <20101008100841.GB9279@redhat.com>
In-Reply-To: <4CAE2521.2070500@codemonkey.ws>

On Thu, Oct 07, 2010 at 02:53:05PM -0500, Anthony Liguori wrote:
> On 10/07/2010 06:15 AM, Gerd Hoffmann wrote:
> >This patch adds support for expiring passwords to vnc. It adds a new
> >lifetime parameter to the vnc_display_password() function, which
> >specifies the number of seconds the new password will be valid. Passing
> >zero as lifetime maintains current behavior (password never expires).
> >
> >Signed-off-by: Gerd Hoffmann<kraxel@redhat.com>
> >
>
> This has been posted before and I've never understood it. Why can't a
> management tool just expire passwords on its own?

If the management tool crashes or is restarted for some reason
then it may miss the expiry task.

> How does password expiration help with security at all?

VNC passwords are obviously rather weak, so if you can limit
the time the password is valid to the window in which you
are expecting the incoming VNC connection this limits the
time to attack the VNC password. A mgmt tool could do

 - Set a VNC password
 - Open the VNC connection
 - Clear the VNC password

If anything goes wrong in the mgmt tool at step 2 though,
then it may never get to step 3, leaving the VNC server accessible.
If it had set a password expiry at step 1, it would have a
safety net that guarantees the password will be invalid after
'n' seconds, even if not explicitly cleared. Given how little
code this is in QEMU, I think it is a worthwhile feature.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
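
The safety net described in the message above, as an added example that is not part of the original message and is not QEMU's code: a server-side expiry check that rejects the password after its lifetime even when the explicit clear never happens. All names (display_auth, set_password, clear_password, auth_ok) are hypothetical, the clock is passed in as a parameter, and a direct comparison stands in for the VNC challenge-response.

```c
/* Added illustration; names are hypothetical, not QEMU's API. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

struct display_auth {
    char   password[9];   /* VNC passwords are at most 8 characters */
    bool   has_password;
    time_t expires;       /* 0 = never expires */
};

/* Step 1: set the password; lifetime is in seconds, 0 means no expiry. */
static void set_password(struct display_auth *d, const char *pw,
                         unsigned lifetime, time_t now)
{
    strncpy(d->password, pw, sizeof(d->password) - 1);
    d->password[sizeof(d->password) - 1] = '\0';
    d->has_password = true;
    d->expires = lifetime ? now + (time_t)lifetime : 0;
}

/* Step 3: the explicit clear the management tool is supposed to perform. */
static void clear_password(struct display_auth *d)
{
    memset(d->password, 0, sizeof(d->password));
    d->has_password = false;
}

/* Check made by the server when a client connects. The expiry test lives
 * here, so it holds even if clear_password() is never called. */
static bool auth_ok(const struct display_auth *d, const char *attempt,
                    time_t now)
{
    char buf[sizeof(d->password)] = {0};
    unsigned char diff = 0;

    if (!d->has_password)
        return false;
    if (d->expires != 0 && now >= d->expires)
        return false;                     /* fail closed after expiry */
    /* Assumption: direct compare in place of VNC challenge-response. */
    strncpy(buf, attempt, sizeof(buf) - 1);
    for (size_t i = 0; i < sizeof(buf); i++)
        diff |= (unsigned char)(buf[i] ^ d->password[i]);
    return diff == 0;
}
```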