Il 11/12/2013 17:29, Gerd Hoffmann ha scritto: > On Mi, 2013-12-11 at 17:06 +0100, Paolo Bonzini wrote: >> Il 11/12/2013 16:54, Gerd Hoffmann ha scritto: >>> Current code silently changes the authentication settings >>> in case you try to set a password without password authentication >>> turned on. This is bad. Return an error instead. >>> >>> If we want allow changing auth settings at runtime this should >>> be done explicitly using a separate monitor command, not as >>> side effect of set_passwd. >>> >>> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> >> >> Isn't this backwards-incompatible? > > Yes. I think it is the correct thing nevertheless.
Fine by me, let's just make sure we document it well. Can you start the 2.0 changelog wiki page? > Users which want a passwort protected guests should configure vnc > correctly to avoid a unprotected window between qemu start and setting > the password. > > Also note that enabling passwd auth via "set_passwd" side-effect > bypasses fips restrictions. That'd be a clear bug, even one that could be fixed in stable versions. Paolo > So this is a clear security improvement IMHO. > > cheers, > Gerd > > >
