All of lore.kernel.org
 help / color / mirror / Atom feed
From: Neil Wilson <neil@aldur.co.uk>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Date: Fri, 28 Jan 2011 17:58:08 -0000	[thread overview]
Message-ID: <20110128175808.31693.3165.malone@wampee.canonical.com> (raw)
In-Reply-To: 20110104122142.23014.63077.malonedeb@gandwana.canonical.com

Installed patched build onto Maverick server. vnc_listen set to 0.0.0.0
in /etc/libvirt/qemu.conf

Set vnc_password=""' with vnc_tls=1 in /etc/libvirt/qemu.conf and
confirmed that the lanched server now rejects authentication for any
password, whereas it turned off authentication and encryption completely
before.

Hashed out vnc_password and left vnc_tls=1 in /etc/libvirt/qemu.conf.
Confirmed that the server uses anonymous auth with TLS. Allows the user
on without a password. qemu-kvm launched with -vnc
0.0.0.0:0,tls,x509=/etc/pki/libvirt-vnc

Hashed out vnc_tls=1. Confirmed server allows direct access to VNC.
qemu-kvm launched with -vnc 0.0.0.0:0

Set vnc_password="". Confirmed server rejects authentication for any
password, with no encryption. Again previously it had just let the user
on. qemu-kvm launched with -vnc 0.0.0.0:0,password

set vnc_password="password". Confirmed server accepts authentication
with that password. qemu-kvm launched with -vnc 0.0.0.0:0,password

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197

Title:
  Empty password allows access to VNC in libvirt

Status in libvirt virtualization API:
  Unknown
Status in QEMU:
  New
Status in qemu-kvm:
  Unknown
Status in “libvirt” package in Ubuntu:
  Invalid
Status in “qemu-kvm” package in Ubuntu:
  Confirmed

Bug description:
  The help in the /etc/libvirt/qemu.conf states

  "To allow access without passwords, leave this commented out. An empty
  string will still enable passwords, but be rejected by QEMU
  effectively preventing any use of VNC."

  yet setting:

  vnc_password=""

  allows access to the vnc console without any password prompt just as
  if it is hashed out completely.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: libvirt-bin 0.8.3-1ubuntu14
  ProcVersionSignature: Ubuntu 2.6.35-24.42-server 2.6.35.8
  Uname: Linux 2.6.35-24-server x86_64
  Architecture: amd64
  Date: Tue Jan  4 12:18:35 2011
  InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
  ProcEnviron:
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: libvirt

  parent reply	other threads:[~2011-01-28 18:17 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20110104122142.23014.63077.malonedeb@gandwana.canonical.com>
2011-01-28 15:09 ` [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt Neil Wilson
2011-01-28 15:28 ` Neil Wilson
2011-01-28 15:59 ` Launchpad Bug Tracker
2011-01-28 17:44 ` Neil Wilson
2011-01-28 17:58 ` Neil Wilson [this message]
2011-01-28 17:58 ` Neil Wilson
2011-01-28 18:24 ` Neil Wilson
2011-01-31 19:53 ` Anthony Liguori
2011-02-11 15:27 ` Dustin Kirkland
2011-02-11 15:36 ` Dustin Kirkland
2011-02-11 15:41 ` Dustin Kirkland
2011-02-11 15:42 ` Dustin Kirkland
2011-02-11 15:51 ` Dustin Kirkland
2011-02-11 15:51 ` Neil Wilson
2011-02-11 15:51 ` Dustin Kirkland
2011-02-11 15:54 ` Dustin Kirkland
2011-02-11 15:59 ` Dustin Kirkland
2011-02-11 16:00 ` Launchpad Bug Tracker
2011-02-11 16:00 ` Dustin Kirkland
2011-02-11 18:47 ` Launchpad Bug Tracker
2011-02-11 20:13 ` Launchpad Bug Tracker
2011-02-11 23:19 ` Kees Cook
2011-02-11 23:32 ` Kees Cook
2011-02-11 23:49 ` Dustin Kirkland
2011-02-12  0:03 ` Kees Cook
2011-02-14 19:04 ` Launchpad Bug Tracker
2011-02-14 19:04 ` Launchpad Bug Tracker
2011-02-14 19:04 ` Launchpad Bug Tracker
2011-02-21 14:01 ` Marc Deslauriers
2011-03-15 21:19 ` Launchpad Bug Tracker
2011-04-04 21:34 ` Launchpad Bug Tracker
2011-04-26  7:50 ` Michael Tokarev
2011-04-26  8:27 ` Bug Watch Updater
2011-08-11  0:35 ` Bug Watch Updater
2012-09-27 12:37 ` Stephan S.
2012-09-27 13:32 ` Stephan S.
2016-01-12 22:54 ` pranith
2017-10-27 16:28 ` Bug Watch Updater
2017-10-27 16:28 ` Bug Watch Updater

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110128175808.31693.3165.malone@wampee.canonical.com \
    --to=neil@aldur.co.uk \
    --cc=697197@bugs.launchpad.net \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.