638820 – The default setup for guests via the gui leaves them vulnerable to other users accessing the vnc server

Bug 638820 - The default setup for guests via the gui leaves them vulnerable to other users accessing the vnc server

Summary: The default setup for guests via the gui leaves them vulnerable to other user...

Keywords:
Status:	CLOSED DUPLICATE of bug 1043919
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libvirt
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-09-30 03:23 UTC by David
Modified:	2016-03-21 23:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-21 23:10:15 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description David 2010-09-30 03:23:13 UTC

The default setup for guests via the gui leaves them vulnerable to other users accessing the vnc server.

IMHO THIS IS VERY BAD. I do not trust the other users on my system.
They should not be able to reach my vnc server for a guest.
As SDL will not even work for me with kvm ... 
"Error starting domain: operation failed: failed to retrieve chardev info in qemu with 'info chardev'"

This means I am forced to use vnc... 
The gui will also not save my password etc.
This is really not good...

Comment 1 Cole Robinson 2016-03-21 23:10:15 UTC

Sorry this never received a response. I don't think we will change the default listen address any time soon, but there are several capabilities to lock it down further, and distros can always choose to change the default.

There's more discussion in bug 1043919

*** This bug has been marked as a duplicate of bug 1043919 ***

Note You need to log in before you can comment on or make changes to this bug.