QEMU does accept empty VNC passwords now and allows anyone
to connect with an empty password.
https://bugzilla.redhat.com/show_bug.cgi?id=969542
---
src/qemu/qemu.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index cdf1ec4..49ef75f 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -62,9 +62,9 @@
# VNC passwords. This parameter is only used if the per-domain
# XML config does not already provide a password. To allow
# access without passwords, leave this commented out. An empty
-# string will still enable passwords, but be rejected by QEMU,
-# effectively preventing any use of VNC. Obviously change this
-# example here before you set this.
+# string might either prevent any use of VNC or allow access
+# with an empty password depending on QEMU version. Obviously
+# change this example here before you set this.
#
#vnc_password = "XYZ12345"
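Review bot: The reworded comment on the empty-string case ("might either prevent any use of VNC or allow access with an empty password depending on QEMU version") leaves an administrator unable to tell whether an empty vnc_password fails closed or fails open on their host. Because one of the two outcomes lets anyone connect, the comment should say explicitly that an empty string must not be set, or name which QEMU versions give which behaviour. A stronger alternative to documenting the ambiguity is to reject an empty value when the configuration is read, so the result no longer depends on the QEMU version.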
NACK. This is not correct. This is a security flaw and regression
in behaviour that must be fixed, if true.
Daniel