This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Individual passwords for guest VNC servers ?

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Individual passwords for guest VNC servers ?
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Fri, 25 Aug 2006 01:44:36 +0100
Delivery-date: Thu, 24 Aug 2006 17:45:07 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20060816181153.GC25831@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20060816181153.GC25831@xxxxxxxxxx>
Reply-to: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i
On Wed, Aug 16, 2006 at 07:11:53PM +0100, Daniel P. Berrange wrote:
> The current implementation of the VNC server in qemu-dm appears to just
> leverage whatever password the root user has set in /root/.vnc/passwd.
> This doesn't really have very nice semantics if one migrates the domain
> over to a different host...which may not have same VNC password file.

Ok, so looking more closly I'm wrong here. The VNC server in qemu-dm
does not use a password at all - it sets the VNC auth protocol to None.

At the same time it binds to - so any HVM guest running VNC
is completely unsecured, accessible to anyone who can route to the
Dom0 host unless you've firewalled off all the ports >= 5900 on the
machine. This looks like a pretty serious flaw to be fixed for 3.0.3 

> Has anyone given any thought to / written any patches to enable assignment
> of different passwords to individual guest's VNC servers. At its simplest
> one could just allow the crypt/md5 hash of the desired password to be
> supplied in the xm config file, or XenD SEXPR when creating a new domain
> and pass that hash through to qemu-dm to use instead of /root/.vnc/passwd

It appears that given the way the standard VNC challenge-response auth
scheme works there's no choice but to store the actual password - at very 
least using some reversible encryption - we can't simply store the hash
as one would with passwords for /etc/shadow.  There are other newer
auth schemes defined in VNC protocol, but its not clear whether these
have broad support amongst VNC viewer clients.

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Xen-devel mailing list