[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] libxl: Spice vdagent support for upstream qemu

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Thu, 9 May 2013 12:27:02 +0100
Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Fabio Fantoni <fabio.fantoni@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <Stefano.Stabellini@xxxxxxxxxxxxx>, "fantonifabio@xxxxxxxxxx" <fantonifabio@xxxxxxxxxx>
Delivery-date: Thu, 09 May 2013 11:27:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, May 7, 2013 at 6:06 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> fantonifabio@xxxxxxxxxx writes ("[PATCH v3] libxl: Spice vdagent support for 
> upstream qemu"):
>> Usage: spicevdagent=1|0 (default=0)
>> Enables spice vdagent. The Spice vdagent is an optional component for
>> enhancing user experience and performing guest-oriented management
>> tasks. Its features includes: client mouse mode (no need to grab mouse
>> by client, no mouse lag), automatic adjustment of screen resolution,
>> copy and paste (text and image) between client and domU. It also
>> requires vdagent service installed on domU o.s. to work.
>
> Thanks, that's helpful.  What are the security implications ?
>
> In particular, does it mean that when the user has a spice client
> connected to a guest, the guest can spy on the user's clipboard all
> the time ?

If it did, how would that affect your views on the patch?

It seems overall like the decision to run a piece of software on a
local computer which may send data (such as the clipboard) off to a
remote computer is the user's problem.  She has no way of knowing for
sure that what she's connecting to has vdagent enabled or not.  Even
if we don't accept this patch, the administrator can probably enable
it by using the "extra" args in the config file.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v3] libxl: Spice vdagent support for upstream qemu
  - From: fantonifabio
- Re: [Xen-devel] [PATCH v3] libxl: Spice vdagent support for upstream qemu
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH 1/3] xen/tools: Remove the XENMEM_get_oustanding_pages and provide the data via xc_phys_info
Next by Date: Re: [Xen-devel] v3.9 - CPU hotplug and microcode earlier loading hits a mutex deadlock (x86_cpu_hotplug_driver_mutex)
Previous by thread: Re: [Xen-devel] [PATCH v3] libxl: Spice vdagent support for upstream qemu
Next by thread: [Xen-devel] [PATCH RFC v2 0/4] xen/arm: CONFIG_PARAVIRT and stolen ticks accounting
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.