[libvirt] [PATCH] qemu: Let empty default VNC password work as documented
Jiri Denemark
jdenemar at redhat.com
Wed Jun 29 14:18:03 UTC 2016
On Wed, Jun 29, 2016 at 14:47:23 +0100, Daniel P. Berrange wrote:
> On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote:
> > Setting an empty vnc_password in qemu.conf is documented as a way to
> > disable VNC access, but QEMU does not seem to behave like that. Let's
> > enforce the behavior by setting password expiration to "now".
> >
> > Note, this has no effect on setting an empty //graphics at passwd in
> > domain XML. Users may use //graphics at passwdValidTo to enforce the same
> > behavior.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1180092
>
> Please reference newly assigned CVE-2016-5008 in the commit message
> before pushing.
>
> > Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> > ---
> > src/qemu/qemu_hotplug.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> > index e0b8230..91f48dc 100644
> > --- a/src/qemu/qemu_hotplug.c
> > +++ b/src/qemu/qemu_hotplug.c
> > @@ -3970,6 +3970,8 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver,
> > snprintf(expire_time, sizeof(expire_time), "now");
> > else
> > snprintf(expire_time, sizeof(expire_time), "%lu", (long unsigned)auth->validTo);
> > + } else if (!auth->passwd && defaultPasswd && defaultPasswd[0] == '\0') {
> > + snprintf(expire_time, sizeof(expire_time), "now");
> > } else {
> > snprintf(expire_time, sizeof(expire_time), "never");
> > }
>
> Not shown in this patch is the earlier condition if (auth->expires).
>
> IOW, if you set the empty password, but also have an expiry time
> set we'll still be allowing access. Now admittedly setting an
> empty password and also an expiry time is fairly pointless, but
> I can easily see apps mistakenly doing this. So we should check
> the empty password as the first branch in the condition.
Well, I explicitly only fixed the issue with an empty default password
and using a //graphics/@passwdValidTo with a default password is not
supported. Libvirt will just ignore the XML element and thus
auth->expires will always be false with default passwords.
Do you think we should handle empty passwords in XML too?
Jirka
More information about the libvir-list
mailing list