This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: RE : Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)

To: Frédérique Da Luene <frederique_daluene@xxxxxxxx>
Subject: Re: RE : Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)
From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
Date: Thu, 17 Jan 2008 22:47:59 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 17 Jan 2008 14:48:36 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=O9VySyvKHQGsBNQVYRMZdm1+1HhxmW5Wb2OqnVDUB8Y=; b=Tn80PzwPAeXiUli8jd/hiLfjIyrwXHHVOGEmVILnRoPuio74wHOQsRkTbrfTMUZxk8oCzTWM8SX+BGR5GUn3i08H0o/MJ4u/LAyQMWjdUTKv+TJxYT3GJE6StDsXStyibHvDIllVC2ohem017JjtHqU25F9aqKEvtDn0f7cf7qg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=GT8sin497ReFNfgHRg1/DOwN6Mcdqd0W2xQXfn2PvN3UfXEN0/A5e8z5b7coYu08aYpJSyEO+c5taEGoyG9Zd+MGhRoYBKYNIhmWtZn1/ExsLrgaqFhryJBRNhegj/1xbSjopuGSNsGVFm0tKvb++yzrzWN0iFkvttxyuvvY+kM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <877300.99685.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <877300.99685.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird (Windows/20071031)
Frédérique Da Luene wrote:
Hi Nico,

--- Nico Kadel-Garcia <nkadel@xxxxxxxxx> a écrit :

Or, if you feel the need, you can use the vncviewer built into Xen itself, but this presents other
management and security issues.
And what are those security issues (you can point me
to some reference docs on the 'net, of course).


No need: I wrote the SunOS port for VNC years ago.

1: VNC sessions do not necessarily close the X session running on the VNC server when they disconnect. In fact, configured appropriately, multiple people can share the same session, and it'll stay open and active until the last person disconnects, even if it's set to auto-logout. 2: Since that session is still open, anyone who gets the VNC access or VNC password now potentially has access to any open consoles on the VNC server.
This is a serious security issue with lots of VNC based tools, such as 
most remote KVM's. It mandates that you use a good screenlock on the VNC 
server's X session, in case you walk away and come back. Xen default 
setups attempt to deal with this somewhat by restricting those VNC 
clients to access from the Dom0 itself. But woe betide the admin who 
opens it up for remote management and fails to protect their X session!

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>