WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)

from [Nico Kadel-Garcia] [Permanent Link][Original]
To: Javier Guerra Giraldez <javier@xxxxxxxxxxx>
Subject: Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)
From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
Date: Fri, 18 Jan 2008 06:36:40 +0000
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 17 Jan 2008 22:37:17 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=iaMN+sxHvyrjXjB8bbJsZ840mtSS3i+3P0uMaQnIusw=; b=FyqpUN0jsuN9JBwZ2dHQ3BW+kh19x4xFEp8g9gTl7VAUeDFO/4Vb4qJqSprYF9ZcI7MbAtBcDLm15Ls092nTdYj/bdimTgPQ/9jZGdk/u9Oj9ObbwlH9e4QhFIXgnlZRsI/gmzSQAJ0KwTfP8H30B60ALXqP70z9GxrTZxYbD1o=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=hQkrFGebP+FGRknNxAoFdhMBiY+0xR73dk2eJA9G5Vi/VFZh6kHrpnhsMXx/KkujP/C8SFdp30F3zniDkAQGJKQsGlyw+5178nsXtGwnbL7zXdAybGuMuyn+iFduzBeNFBmUEoX/YdTPLF8dIv/9UUl9GaXf1vId3rw3N60bhus=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <200801172041.51402.javier@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <877300.99685.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <478FDB1F.70605@xxxxxxxxx> <200801172041.51402.javier@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (Windows/20071031) 
Javier Guerra Giraldez wrote:

On Thursday 17 January 2008, Nico Kadel-Garcia wrote:

This is a serious security issue with lots of VNC based tools, such as
most remote KVM's. It mandates that you use a good screenlock on the VNC
server's X session, in case you walk away and come back. Xen default
setups attempt to deal with this somewhat by restricting those VNC
clients to access from the Dom0 itself. But woe betide the admin who
opens it up for remote management and fails to protect their X session!
being a non-encrypted protocol, i guess anyone that uses it remotely without some kind of VPN is already exposing too much.
Oh, goodness, yes. The VNC password is exchanged encrypted, but passwords after that are.... at some small risk. This is why a thoughtful and secure admin will SSH to the Dom0 and run VNC locally in an X session, although that imposes some additional computational burdens on Dom0 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Can Ubuntu HVM guests be installed on a loopback fs image?, pradeep singh rautela
Next by Date:  [Xen-users] XEN 3.2.0 default bridge changed ?, Ralf Schenk
Previous by Thread:  Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related), Javier Guerra Giraldez
Next by Thread:  [Xen-users] Can Ubuntu HVM guests be installed on a loopback fs image?, pradeep singh rautela
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy