|
|
|
|
|
|
|
|
|
|
xen-users
Re: RE : Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)
Frédérique Da Luene wrote:
Hi Nico,
--- Nico Kadel-Garcia <nkadel@xxxxxxxxx> a écrit :
Or, if you feel the need, you can use the vncviewer
built into Xen itself, but this presents other
management and security issues.
And what are those security issues (you can point me
to some reference docs on the 'net, of course).
Tia,
FdL
No need: I wrote the SunOS port for VNC years ago.
1: VNC sessions do not necessarily close the X session running on the
VNC server when they disconnect. In fact, configured appropriately,
multiple people can share the same session, and it'll stay open and
active until the last person disconnects, even if it's set to auto-logout.
2: Since that session is still open, anyone who gets the VNC access or
VNC password now potentially has access to any open consoles on the VNC
server.
This is a serious security issue with lots of VNC based tools, such as
most remote KVM's. It mandates that you use a good screenlock on the VNC
server's X session, in case you walk away and come back. Xen default
setups attempt to deal with this somewhat by restricting those VNC
clients to access from the Dom0 itself. But woe betide the admin who
opens it up for remote management and fails to protect their X session!
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|