On Tue, Jun 28, 2016 at 02:45:15PM +0200, Jiri Denemark wrote:
Setting an empty vnc_password in qemu.conf is documented as a way to
disable VNC access, but QEMU does not seem to behave like that. Let's
enforce the behavior by setting password expiration to "now".
Hmm, i wonder when they regressed that behaviour *again*. We've fixed
that in QEMU at least twice in the past. I'd like to see us explore
when this changed in QEMU and whehter we should fix it there instead.
Also, this is probably classified as needing a CVE, since previous
regressions in this area were recorded security issues IIRC. Which
again means we need to investigate just when this behavioural change
happened.
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|