[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] ioemu: empty vnc passwd



If we do a debug build let us assume we are in a testing environment.
There an empty vnc password is ok.
If we don't make a debug build, let us assume we are in a production 
environment where an empty vnc password is a security risk.

Christoph


On Wednesday 23 January 2008 17:11:30 Samuel Thibault wrote:
> Hello,
>
> There is a small bug in xenstore.c: the following patch is needed
> because else xenstore_read_vncpasswd would return 0 even when it is
> unable to read the passwd.
>
> diff -r 9e92672385a5 tools/ioemu/xenstore.c
> --- a/tools/ioemu/xenstore.c  Wed Jan 23 13:37:03 2008 +0000
> +++ b/tools/ioemu/xenstore.c  Wed Jan 23 15:53:01 2008 +0000
> @@ -518,7 +518,7 @@ int xenstore_read_vncpasswd(int domid, c
>          pwbuf[0] = '\0';
>          free(uuid);
>          free(path);
> -        return rc;
> +        return -1;
>      }
>
>      for (i=0; i<len && i<pwbuflen; i++) {
>
> However, that means we can't use an empty passwd any more, while that
> may be quite useful e.g. in testing environments, so that we would need
> the following patch:
>
> diff -r 9e92672385a5 tools/ioemu/vl.c
> --- a/tools/ioemu/vl.c        Wed Jan 23 13:37:03 2008 +0000
> +++ b/tools/ioemu/vl.c        Wed Jan 23 15:55:38 2008 +0000
> @@ -7756,8 +7756,7 @@ int main(int argc, char **argv)
>       int vnc_display_port;
>       char password[20];
>       vnc_display_init(ds);
> -     if (xenstore_read_vncpasswd(domid, password, sizeof(password)) < 0)
> -         exit(0);
> +     xenstore_read_vncpasswd(domid, password, sizeof(password));
>       vnc_display_password(ds, password);
>       if ((vnc_display_port = vnc_display_open(ds, vnc_display, vncunused)) <
> 0) exit (0);
>
> in order to just ignore a missing passwd.
> What do people think about that?
>
> Signed-off-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxxx>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel



-- 
AMD Saxony, Dresden, Germany
Operating System Research Center

Legal Information:
AMD Saxony Limited Liability Company & Co. KG
Sitz (Geschäftsanschrift):
   Wilschdorfer Landstr. 101, 01109 Dresden, Deutschland
Registergericht Dresden: HRA 4896
vertretungsberechtigter Komplementär:
   AMD Saxony LLC (Sitz Wilmington, Delaware, USA)
Geschäftsführer der AMD Saxony LLC:
   Dr. Hans-R. Deppe, Thomas McCoy



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.