[libvirt] [PATCH] qemu.conf: update vnc_password docs
Daniel P. Berrange
berrange at redhat.com
Wed Jun 5 13:11:59 UTC 2013
On Wed, Jun 05, 2013 at 03:09:54PM +0200, Ján Tomko wrote:
> QEMU does accept empty VNC passwords now and allows anyone
> to connect with an empty password.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=969542
> ---
> src/qemu/qemu.conf | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index cdf1ec4..49ef75f 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -62,9 +62,9 @@
> # VNC passwords. This parameter is only used if the per-domain
> # XML config does not already provide a password. To allow
> # access without passwords, leave this commented out. An empty
> -# string will still enable passwords, but be rejected by QEMU,
> -# effectively preventing any use of VNC. Obviously change this
> -# example here before you set this.
> +# string might either prevent any use of VNC or allow access
> +# with an empty password depending on QEMU version. Obviously
> +# change this example here before you set this.
> #
> #vnc_password = "XYZ12345"
NACK. This is not correct. This is a security flaw and regression
in behaviour that must be fixed, if true.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list