1043953 – virt-manager: local users can use VNC, SPICE connections of other users

Bug 1043953 - virt-manager: local users can use VNC, SPICE connections of other users

Summary: virt-manager: local users can use VNC, SPICE connections of other users

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	virt-manager
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Giuseppe Scrivano
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1043919
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-17 13:48 UTC by Florian Weimer
Modified:	2014-02-06 13:31 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1043919
Clones:	1044570 (view as bug list)
Environment:
Last Closed:	2014-02-06 13:31:08 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Florian Weimer 2013-12-17 13:48:49 UTC

I verified a while ago that this bug is also present in RHEL 6.4.

+++ This bug was initially created as a clone of Bug #1043919 +++

virt-manager does not prevent other local users from using the VNC and SPICE protocols to access the console of virtual machines created using virt-manager.

Using UNIX domain socket connections by default would be the best solution for this.  Automatically generated random passwords do not authenticate the server and allow it to be impersonated by other users because it is usually running on an untrusted port.

Comment 1 Giuseppe Scrivano 2014-02-06 13:31:08 UTC

this is not yet upstream and it is very unlikely that is going to happen for rhel-6.x, so I am going to close it as WONTFIX.  Please re-open if you disagree.

Note You need to log in before you can comment on or make changes to this bug.