Bug 895582
Summary: | VNC should listen on 127.0.0.1 and ::1 by default (assuming IPv6 is enabled on the host) | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marco d'Itri <md>
Component: | libvirt | Assignee: | Ján Tomko <jtomko>
Status: | CLOSED DUPLICATE | QA Contact: | Virtualization Bugs <virt-bugs>
Severity: | unspecified | Docs Contact: |
Priority: | unspecified | |
Version: | 7.0 | CC: | acathrow, berrange, codong, cwei, dallan, dyuan, mzhan, wilco, ydu, zpeng
Target Milestone: | rc | |
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2014-04-15 08:54:26 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Description
Marco d'Itri
2013-01-15 15:11:48 UTC
This is not correct, by default it will bind to 127.0.0.1. Binding to either 0.0.0.0 or :: is a security risk unless the admin has configured some form of authentication.

Not a bug, indeed. I forgot that the default is controlled by the vnc_listen directive in /etc/libvirt/qemu.conf, and I had changed it.

That said, we should probably listen on 127.0.0.1 *and* ::1 (ipv6 localhost addr) by default, rather than only 127.0.0.1, so will keep this bug open.

Shouldn't ::1 be enough?

I'd rather we bind to whatever is defined as localhost in /etc/hosts. If 127.0.0.1 and ::1 are defined, bind to both, but if only ::1 is defined, only bind to ::1. I personally do not run 127.0.0.1 on my localhost interface, only ::1, as I do not run Legacy-IP on my internal networks.

Even better to just bind to whatever getaddrinfo() returns for localhost.

We can't listen on both ::1 and 127.0.0.1 since we can only pass one listen address to QEMU. But we could listen on ::1 on an IPv6-only system.

Listening on :: works fine, just do not forget that you cannot rely on the value of the net.ipv6.bindv6only sysctl, so you should explicitly unset the value:

    int off = 0;
    if (setsockopt(sep->se_fd, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof (off)) < 0)
        syslog(LOG_ERR, "setsockopt (IPV6_V6ONLY): %m");

That's exactly what QEMU does when told to listen on ::. We just can't do it by default because it might be a security risk.

(In reply to Wilco Baan Hofman from comment #6)
> Even better to just bind to whatever getaddrinfo() returns for localhost.

Yes, rather than passing 127.0.0.1 or ::1 to QEMU on the command line, we should just pass 'localhost' instead & assume QEMU does the right thing with IPv6 here (which I believe it does).

It will listen on either ::1 or 127.0.0.1 (depending on which 'localhost' will resolve to first).

Making it the default will fix IPv6-only systems but it could break systems with both v4 and v6 if it binds to ::1 and the user expects it to listen on 127.0.0.1.

(In reply to Jan Tomko from comment #12)
> It will listen on either ::1 or 127.0.0.1 (depending on which 'localhost'
> will resolve to first).
>
> Making it the default will fix IPv6-only systems but it could break systems
> with both v4 and v6 if it binds to ::1 and the user expects it to listen on
> 127.0.0.1.

That's as designed. If the user wants things to only listen on 127.0.0.1 on a dual v4,v6 host, then they will have updated /etc/hosts to change what 'localhost' points to. In addition they still have the option of overriding this in libvirt itself.

This bug was not selected to be addressed in Red Hat Enterprise Linux 6. We will look at it again within the Red Hat Enterprise Linux 7 product.

We already have a bug against Red Hat Enterprise Linux 7 for this.

*** This bug has been marked as a duplicate of bug 1038965 ***
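The two points argued in the thread, that only a loopback vnc_listen value is safe without VNC authentication and that passing 'localhost' lets /etc/hosts decide between ::1 and 127.0.0.1, as an added C example that is neither libvirt's nor QEMU's code: classify_listen_addr() and first_localhost_addr() are hypothetical names, and the sample addresses are constructed.

```c
/* Added example, not libvirt or QEMU code: classify a vnc_listen value from
 * /etc/libvirt/qemu.conf the way the thread reasons about it, and show what
 * passing 'localhost' to QEMU would resolve to. Function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

enum exposure { EXPOSURE_INVALID = -1, EXPOSURE_LOOPBACK, EXPOSURE_WILDCARD, EXPOSURE_SPECIFIC };

/* Loopback is the only value that is safe without VNC authentication; a
 * wildcard (0.0.0.0 or ::) is reachable from every interface. */
enum exposure classify_listen_addr(const char *addr)
{
    struct in_addr v4; struct in6_addr v6;
    if (inet_pton(AF_INET, addr, &v4) == 1) {
        uint32_t a = ntohl(v4.s_addr);
        if (a == INADDR_ANY)  return EXPOSURE_WILDCARD;
        if ((a >> 24) == 127) return EXPOSURE_LOOPBACK;   /* 127.0.0.0/8 */
        return EXPOSURE_SPECIFIC;
    }
    if (inet_pton(AF_INET6, addr, &v6) == 1) {
        if (IN6_IS_ADDR_UNSPECIFIED(&v6)) return EXPOSURE_WILDCARD;
        if (IN6_IS_ADDR_LOOPBACK(&v6))    return EXPOSURE_LOOPBACK;
        return EXPOSURE_SPECIFIC;
    }
    return EXPOSURE_INVALID;   /* not numeric, e.g. a hostname */
}

/* What 'localhost' would bind: the first getaddrinfo() result, so /etc/hosts
 * decides between ::1 and 127.0.0.1. Returns 0 and fills out on success. */
int first_localhost_addr(char *out, socklen_t outlen)
{
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM }, *res;
    if (getaddrinfo("localhost", NULL, &hints, &res) != 0) return -1;
    int rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, outlen, NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc == 0 ? 0 : -1;
}

int main(void)
{
    const char *samples[] = { "127.0.0.1", "::1", "0.0.0.0", "::", "192.0.2.10" };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s exposure=%d\n", samples[i], classify_listen_addr(samples[i]));
    char buf[INET6_ADDRSTRLEN];
    if (first_localhost_addr(buf, sizeof buf) == 0) printf("'localhost' -> %s\n", buf);
    return 0;
}
```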