From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=43667 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PnvRH-0000v6-U5
	for qemu-devel@nongnu.org; Fri, 11 Feb 2011 11:01:44 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bounces@canonical.com>) id 1PnvRG-0005Ef-FS
	for qemu-devel@nongnu.org; Fri, 11 Feb 2011 11:01:43 -0500
Received: from adelie.canonical.com ([91.189.90.139]:33806)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bounces@canonical.com>) id 1PnvRG-0005ED-Aq
	for qemu-devel@nongnu.org; Fri, 11 Feb 2011 11:01:42 -0500
Received: from loganberry.canonical.com ([91.189.90.37])
	by adelie.canonical.com with esmtp (Exim 4.71 #1 (Debian))
	id 1PnvRE-0001FW-C8
	for <qemu-devel@nongnu.org>; Fri, 11 Feb 2011 16:01:40 +0000
Received: from loganberry.canonical.com (localhost [127.0.0.1])
	by loganberry.canonical.com (Postfix) with ESMTP id C12C82E8154
	for <qemu-devel@nongnu.org>; Fri, 11 Feb 2011 16:01:38 +0000 (UTC)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 11 Feb 2011 15:51:21 -0000
From: Dustin Kirkland <dustin.kirkland@gmail.com>
Sender: bounces@canonical.com
References: <20110104122142.23014.63077.malonedeb@gandwana.canonical.com>
Message-Id: <20110211155124.20761.9999.launchpad@palladium.canonical.com>
Errors-To: bounces@canonical.com
Subject: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC
	in libvirt
Reply-To: Bug 697197 <697197@bugs.launchpad.net>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

** Changed in: libvirt (Ubuntu Maverick)
       Status: New =3D> Invalid

-- =

You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197

Title:
  Empty password allows access to VNC in libvirt

Status in libvirt virtualization API:
  Unknown
Status in QEMU:
  Confirmed
Status in qemu-kvm:
  Unknown
Status in =E2=80=9Clibvirt=E2=80=9D package in Ubuntu:
  Invalid
Status in =E2=80=9Cqemu-kvm=E2=80=9D package in Ubuntu:
  Fix Released
Status in =E2=80=9Clibvirt=E2=80=9D source package in Lucid:
  New
Status in =E2=80=9Cqemu-kvm=E2=80=9D source package in Lucid:
  In Progress
Status in =E2=80=9Clibvirt=E2=80=9D source package in Maverick:
  Invalid
Status in =E2=80=9Cqemu-kvm=E2=80=9D source package in Maverick:
  In Progress
Status in =E2=80=9Clibvirt=E2=80=9D source package in Natty:
  Invalid
Status in =E2=80=9Cqemu-kvm=E2=80=9D source package in Natty:
  Fix Released

Bug description:
  The help in the /etc/libvirt/qemu.conf states

  "To allow access without passwords, leave this commented out. An empty
  string will still enable passwords, but be rejected by QEMU
  effectively preventing any use of VNC."

  yet setting:

  vnc_password=3D""

  allows access to the vnc console without any password prompt just as
  if it is hashed out completely.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: libvirt-bin 0.8.3-1ubuntu14
  ProcVersionSignature: Ubuntu 2.6.35-24.42-server 2.6.35.8
  Uname: Linux 2.6.35-24-server x86_64
  Architecture: amd64
  Date: Tue Jan  4 12:18:35 2011
  InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64=
 (20100816.2)
  ProcEnviron:
   LANG=3Den_GB.UTF-8
   SHELL=3D/bin/bash
  SourcePackage: libvirt