qemu-devel

Re: [Qemu-devel] [PATCH v3] spice: Allow to set password even if disable


From: Christophe Fergeau
Subject: Re: [Qemu-devel] [PATCH v3] spice: Allow to set password even if disable-ticketing was used
Date: Mon, 12 Oct 2015 17:10:01 +0200
User-agent: Mutt/1.5.24 (2015-08-30)

Hey Gerd,

On Mon, Oct 12, 2015 at 03:43:51PM +0200, Gerd Hoffmann wrote:
> On Mo, 2015-10-12 at 13:25 +0200, Christophe Fergeau wrote:
> > Before commit b1ea7b79e1, it was possible to start with -spice
> > disable-ticketing, and then use the "set_password spice" command to
> > enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer
> > possible as qemu_spice_set_ticket() will return an error unless the
> > 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so
> > the attempt to set password fails.
> 
> Huh?  And this actually worked?  i.e. spice_server_set_ticket() has an
> effect after spice_server_set_noauth() was called?

Yes, this works on the spice server side.

> 
> > This change of behaviour caused a bug in oVirt
> > https://gerrit.ovirt.org/#/c/44842/
> 
> Hmm, I'd say fix this in ovirt then [1].

Fair enough (I believe this is already fixed in newer versions).

> 
> If you want to run with spice authentication, then say so when starting
> qemu.  Switching authentication methods as side-effect of setting the
> password is asking for trouble.  We had that with vnc.  We finally got
> rid of it a while ago.  I don't feel like opening that can of worms
> again.
> 
> Also it encourages bad security practice.  If you turn on password auth
> as side effect of setting the password there is a window where one can
> access the virtual machine without a password, which probably is not
> what you want.
> 
> If there is an actual use case where switching authentication methods at
> runtime is needed we can discuss that.  But we'll be doing that as
> explicit monitor command, not as side-effect of something else.

Yeah, I'm not saying this patch is a good idea. However, there was a
silent change (by reading the commit log which introduced it, this
change is not mentioned at all, so may have been unintentional) in
behaviour in QEMU, and this change causes breakage in existing apps
using QEMU. This patch only attempts to fix this regression, I'm not
saying one behaviour or the other is better.

Christophe
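
An added example, not part of the original message and not QEMU or oVirt code: a small Python audit that flags guests whose command line starts SPICE with `disable-ticketing`, that is with 'auth' "none", the state in which a later `set_password spice` would leave the unauthenticated window described in the quoted reply. The sample command lines, the function names and the `-name` and `password=` values are constructed; treating only the bare and `=on` forms of the flag as enabled is an assumption.

```python
import shlex


def parse_spice_opts(optstr):
    """Split a -spice option string into a dict; bare flags become 'on'."""
    opts = {}
    for item in filter(None, optstr.split(",")):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else "on"
    return opts


def spice_auth_at_start(cmdline):
    """Return 'none', 'spice', or None when the command line has no -spice.

    'none' and 'spice' are the two 'auth' values named in the thread.
    """
    argv = shlex.split(cmdline)
    result = None
    for i, arg in enumerate(argv[:-1]):
        if arg == "-spice":
            opts = parse_spice_opts(argv[i + 1])
            # Assumption: only the bare flag or '=on' disables ticketing.
            result = "none" if opts.get("disable-ticketing") == "on" else "spice"
    return result


def vms_with_unauthenticated_window(cmdlines):
    """Names (from -name) of guests whose SPICE server starts with auth 'none'."""
    flagged = []
    for line in cmdlines:
        if spice_auth_at_start(line) == "none":
            argv = shlex.split(line)
            has_name = "-name" in argv[:-1]
            flagged.append(argv[argv.index("-name") + 1] if has_name else "<unnamed>")
    return flagged


# Constructed sample command lines (not taken from the thread).
SAMPLE = [
    "qemu-system-x86_64 -name vm-a -spice port=5901,disable-ticketing",
    "qemu-system-x86_64 -name vm-b -spice port=5902,password=CONSTRUCTED",
    "qemu-system-x86_64 -name vm-c -nographic",
    "qemu-system-x86_64 -name vm-d -spice port=5904,disable-ticketing=off",
]

if __name__ == "__main__":
    for name in vms_with_unauthenticated_window(SAMPLE):
        print(f"{name}: SPICE starts with auth 'none'; a later set_password leaves a window")
```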
