Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode

[Anthony Liguori]

On 06/05/2012 07:17 AM, Alexander Graf wrote:
> On 05.06.2012, at 01:11, Anthony Liguori wrote:
>
> > On 06/05/2012 02:16 AM, Paul Moore wrote:
> > > On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:
> > > > This needs to be optional and disabled by default I think.  I strongly
> > > > dislike  disabling a feature when a user isn't asking for it.  You can
> > > > introduce a global -enable-fips-mode or something like that.
> > >
> > > I'll resend the patch, but before I do I want to make sure the defaults are
> > > set to whatever you find acceptable to merging and the second sentence above
> > > has me a little confused; do you mean "... dislike _enabling_ a feature when a
> > > user isn't asking for it."?
> >
> > I dislike *removing* a feature unless a user has explicitly asked us too.
> >
> > If a user isn't aware that fips mode is enabled, they will have no idea why VNC 
> > authentication doesn't work.  I think we should let a user choice whether they 
> > want QEMU to respect fips mode or not.
>
> While I agree in general, for FIPS chances are basically negligible that you 
> accidentally enable it. And if you do, the rest of your system will have gone 
> mad before you notice QEMU behaving differently anyways :)

Have you ever experienced a random failure on an SELinux box that made no 
logical sense?  Out of desperation, you setenforce 0 and magically, thinks work 
again.

Even if the user enabled fips mode, they may not understand that this means VNC 
authentication will stop working.  Providing an option (1) allows the user to 
discover what the problem is (2) makes the behavior much more clear.

Removing features based on a magic procfs variable with no input from the user 
is a bad idea IMHO.

Regards,

Anthony Liguori

> Alex