[libvirt] [PATCH] qemu: Let empty default VNC password work as documented
Daniel P. Berrange
berrange at redhat.com
Tue Jun 28 13:28:21 UTC 2016
On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote:
> Setting an empty vnc_password in qemu.conf is documented as a way to
> disable VNC access, but QEMU does not seem to behave like that. Let's
> enforce the behavior by setting password expiration to "now".
Hmm, i wonder when they regressed that behaviour *again*. We've fixed
that in QEMU at least twice in the past. I'd like to see us explore
when this changed in QEMU and whehter we should fix it there instead.
Also, this is probably classified as needing a CVE, since previous
regressions in this area were recorded security issues IIRC. Which
again means we need to investigate just when this behavioural change
happened.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list