[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server

To: <caglar@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Sat, 19 May 2007 12:52:26 +0100
Cc: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Delivery-date: Sat, 19 May 2007 04:49:22 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Thread-index: AceaDCtLagHaYAX/EdyARQAWy6hiGQ==
Thread-topic: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server

On 19/5/07 12:48, "S.ÃaÄlar Onur" <caglar@xxxxxxxxxxxxx> wrote:

>>> Same patch applies cleanly on Xen-3.1.0, is it forgetton?
>> 
>> The patch is in 3.1.0.
> 
> Hmm, is that solved another way? Cause according to HG history its first
> committed [1] then reverted [2]?

There's a 'monitor' option in the domain config file, which can be used to
enable the monitor over VNC. It defaults to off, for security, of course.

 -- Keir

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
  - From: S.ÃaÄlar Onur

Prev by Date: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Next by Date: [Xen-devel] Domains go into a strange dying / shutdown state
Previous by thread: Re: [Xen-devel] PATCH: CVE-2007-0998: Remove access to QEMU monitor in VNC server
Next by thread: [Xen-devel] Domains go into a strange dying / shutdown state
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.