From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:48300)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1Sbh72-00083c-Ox
	for qemu-devel@nongnu.org; Mon, 04 Jun 2012 19:55:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1Sbh70-0003LW-Sn
	for qemu-devel@nongnu.org; Mon, 04 Jun 2012 19:55:04 -0400
Received: from mail-pb0-f45.google.com ([209.85.160.45]:60050)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1Sbh70-0003I8-L0
	for qemu-devel@nongnu.org; Mon, 04 Jun 2012 19:55:02 -0400
Received: by pbbro12 with SMTP id ro12so7238557pbb.4
	for <qemu-devel@nongnu.org>; Mon, 04 Jun 2012 16:55:00 -0700 (PDT)
Message-ID: <4FCD4ACF.4000809@codemonkey.ws>
Date: Tue, 05 Jun 2012 07:54:55 +0800
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <20120502193256.6508.86360.stgit@sifl>
	<4FCAB60E.1070107@codemonkey.ws> <10302697.mednriu9QL@sifl>
	<4FCD409C.70003@codemonkey.ws>
	<1E364312-A64D-4D14-90A4-89C8F2BA8A54@suse.de>
In-Reply-To: <1E364312-A64D-4D14-90A4-89C8F2BA8A54@suse.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password
 authentication (security type 2) when in FIPS mode
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: Paul Moore <pmoore@redhat.com>, qemu-devel@nongnu.org

On 06/05/2012 07:17 AM, Alexander Graf wrote:
>
> On 05.06.2012, at 01:11, Anthony Liguori wrote:
>
>> On 06/05/2012 02:16 AM, Paul Moore wrote:
>>> On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:
>>>> This needs to be optional and disabled by default I think.  I strongly
>>>> dislike  disabling a feature when a user isn't asking for it.  You can
>>>> introduce a global -enable-fips-mode or something like that.
>>>
>>> I'll resend the patch, but before I do I want to make sure the defaults are
>>> set to whatever you find acceptable to merging and the second sentence above
>>> has me a little confused; do you mean "... dislike _enabling_ a feature when a
>>> user isn't asking for it."?
>>
>> I dislike *removing* a feature unless a user has explicitly asked us too.
>>
>> If a user isn't aware that fips mode is enabled, they will have no idea why VNC authentication doesn't work.  I think we should let a user choice whether they want QEMU to respect fips mode or not.
>
> While I agree in general, for FIPS chances are basically negligible that you accidentally enable it. And if you do, the rest of your system will have gone mad before you notice QEMU behaving differently anyways :)

Have you ever experienced a random failure on an SELinux box that made no 
logical sense?  Out of desperation, you setenforce 0 and magically, thinks work 
again.

Even if the user enabled fips mode, they may not understand that this means VNC 
authentication will stop working.  Providing an option (1) allows the user to 
discover what the problem is (2) makes the behavior much more clear.

Removing features based on a magic procfs variable with no input from the user 
is a bad idea IMHO.

Regards,

Anthony Liguori

>
> Alex
>