Bug 209335 - HVM vnc config leaves world-accessible VNC port open with no password
Summary: HVM vnc config leaves world-accessible VNC port open with no password
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Daniel Berrangé
QA Contact:
URL:
Whiteboard:
Depends On: 203196
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-04 17:58 UTC by Stephen Tweedie
Modified: 2007-11-30 22:07 UTC (History)
4 users (show)

Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-11-28 21:27:14 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Comment 2 RHEL Program Management 2006-10-04 18:33:53 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.

Comment 3 Jay Turner 2006-10-10 20:01:11 UTC
QE ack for RHEL5.

Comment 8 Daniel Berrangé 2006-10-19 16:25:38 UTC
The neccessary patches for VNC password support for FV & PV have been committed
to CVS & built into xen-3.0.3-2.el5


Comment 9 Daniel Berrangé 2006-10-23 15:47:16 UTC
A further build 3.0.3-3.el5 resolves the final part of this which is to make the
/etc/xen directory  readable only by root (moe 0700) to protect the plaintext
VNC passwords from unprivileged users.



Note You need to log in before you can comment on or make changes to this bug.