From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:52597)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1Sc1ZQ-0001Kr-Au
	for qemu-devel@nongnu.org; Tue, 05 Jun 2012 17:45:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1Sc1ZO-00058d-Ec
	for qemu-devel@nongnu.org; Tue, 05 Jun 2012 17:45:43 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51376)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1Sc1ZO-00058T-6n
	for qemu-devel@nongnu.org; Tue, 05 Jun 2012 17:45:42 -0400
From: Paul Moore <pmoore@redhat.com>
Date: Tue, 05 Jun 2012 17:45:37 -0400
Message-ID: <19991522.vNS8Qaqbpf@sifl>
In-Reply-To: <FF828E1A-3C24-4CE6-B0FE-31BA668FFA38@suse.de>
References: <20120502193256.6508.86360.stgit@sifl>
	<4FCD5AD1.9080406@codemonkey.ws>
	<FF828E1A-3C24-4CE6-B0FE-31BA668FFA38@suse.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password
	authentication (security type 2) when in FIPS mode
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>, Anthony Liguori <anthony@codemonkey.ws>
Cc: qemu-devel Developers <qemu-devel@nongnu.org>, Roman Drahtmueller <draht@suse.de>

On Tuesday, June 05, 2012 03:08:26 AM Alexander Graf wrote:
> Which gets me to a new idea. Why not exit(1) when we detect FIPS and a
> password is set? I agree with the assessment that we should never silently
> drop features. So the best way to make sure that the user knows he did
> something stupid (enable FIPS, but require a non-FIPS compliant
> authentication method) would be to just quit, no?

That is basically what the patch does now.  In vnc_display_open() if it 
detects that the user has supplied a VNC password it prints an error to stderr 
and returns an error which causes QEMU to exit.

The error message displayed is shown below:

 "VNC password auth disabled due to FIPS mode, consider using the VeNCrypt
  or SASL authentication methods as an alernative"

... which seems pretty obvious to me.  If anyone would prefer something 
different, let me know.

On Tuesday, June 05, 2012 09:23:04 AM Anthony Liguori wrote:
> I think my primary requirement is: allow a user to use vnc authentication
> even when fips mode is active by using some command line option.

I'll agree that FIPS mode can be a bit silly in the case of QEMU and VNC but 
to be honest, that requirement above seems just as silly to me, if not more 
so.  However, if making this behavior optional is what it takes to get the 
patch accepted, so be it.

I'll start working on v4 of the patch tomorrow.

-- 
paul moore
security and virtualization @ redhat