From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:45991)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QwEoU-0004YX-GZ
	for qemu-devel@nongnu.org; Wed, 24 Aug 2011 10:52:19 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QwEoT-0007Za-Gc
	for qemu-devel@nongnu.org; Wed, 24 Aug 2011 10:52:18 -0400
Received: from mx1.redhat.com ([209.132.183.28]:52896)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QwEoT-0007ZK-3Z
	for qemu-devel@nongnu.org; Wed, 24 Aug 2011 10:52:17 -0400
Message-ID: <4E55101C.8080700@redhat.com>
Date: Wed, 24 Aug 2011 16:52:12 +0200
From: Gerd Hoffmann <kraxel@redhat.com>
MIME-Version: 1.0
References: <1314183661-14483-1-git-send-email-berrange@redhat.com>	<4E54F252.7020007@codemonkey.ws>	<20110824125040.GG12120@redhat.com>
	<4E54F4CA.1000809@codemonkey.ws>
In-Reply-To: <4E54F4CA.1000809@codemonkey.ws>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH STABLE-0.14/0.15/master] CVE-2011-0011: fix
 VNC password change to not touch authentication settings
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel@nongnu.org

   Hi,

> I'll buy an argument about usability but not about security. We need a
> higher level command to disable login

expire_password vnc now

> and a higher level command to set
> the vnc password. This interface should be considered deprecated.

set_password vnc secret

HTH,
   Gerd