Hi, attached patch adds some basic documentation. Cheers, -- Guido
>From fd64d0160f61582b986647918eddfe29c3bf09d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <[email protected]> Date: Tue, 2 Feb 2010 20:59:10 +0100 Subject: [PATCH 3/3] Add some docs
--- plugin/README | 40 ++++++++++++++++++++++++++++++++++++++++ plugin/test.html | 17 +++++++++++++++++ 2 files changed, 57 insertions(+), 0 deletions(-) create mode 100644 plugin/README create mode 100644 plugin/test.html diff --git a/plugin/README b/plugin/README new file mode 100644 index 0000000..dea7b78 --- /dev/null +++ b/plugin/README @@ -0,0 +1,40 @@ +Testing +------- + +Restart your browser. In the location bar, type: + + about:plugins + +Amongst your other plugins you should see the virt-viewer plugin: + + Virt-viewer browser plugin + + File name: virt-viewer-plugin.so + Virtual machine console viewer plugin + + MIME Type Description Suffixes Enabled + application/x-virt-viewer Virt viewer virt-viewer Yes + +If that appears, then next edit the test.html page in the current +directory. You will need to change the name of this page to point +to a virtual machine. + +Then load the edited 'test.html' page into your browser, and you should see a +virt-viewer widget and the display of the virtual machine. + +SECURITY +-------- + +If you install this plugin, then any web page could invoke it. + +Specific security implications of this are: + +(1) Malicious web page could cause your browser to connect to an arbitrary +virtual machine even addresses behind a firewall. If you allow the plugin to be +controlled by Javascript, and to communicate back success/failure indications, +then this would allow a hacker to probe ports which they might otherwise not +have access to. + +(2) A web page could connect to a malicious virtual machine. The virt-viewer +widget is not hardened against responses from malicious VNC servers which might +provide faulty responses, causing virt-viewer to crash or be subverted. diff --git a/plugin/test.html b/plugin/test.html new file mode 100644 index 0000000..33d333f --- /dev/null +++ b/plugin/test.html @@ -0,0 +1,17 @@ +<html> +<body> + + <h1>Virt-viewer applet test</h1> + + <p>You will need to edit the source to + set <code>uri</code>, <code>name</code> etc.</p> + + <embed type="application/x-virt-viewer" + width="800" height="600" + uri="qemu:///system" name="test1"> + </embed> + + <p>End of page</p> + +</body> +</html> -- 1.6.6.1
_______________________________________________ virt-tools-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/virt-tools-list
