[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] libxl: Spice vdagent support for upstream qemu



On Tue, May 7, 2013 at 6:06 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> fantonifabio@xxxxxxxxxx writes ("[PATCH v3] libxl: Spice vdagent support for 
> upstream qemu"):
>> Usage: spicevdagent=1|0 (default=0)
>> Enables spice vdagent. The Spice vdagent is an optional component for
>> enhancing user experience and performing guest-oriented management
>> tasks. Its features includes: client mouse mode (no need to grab mouse
>> by client, no mouse lag), automatic adjustment of screen resolution,
>> copy and paste (text and image) between client and domU. It also
>> requires vdagent service installed on domU o.s. to work.
>
> Thanks, that's helpful.  What are the security implications ?
>
> In particular, does it mean that when the user has a spice client
> connected to a guest, the guest can spy on the user's clipboard all
> the time ?

If it did, how would that affect your views on the patch?

It seems overall like the decision to run a piece of software on a
local computer which may send data (such as the clipboard) off to a
remote computer is the user's problem.  She has no way of knowing for
sure that what she's connecting to has vdagent enabled or not.  Even
if we don't accept this patch, the administrator can probably enable
it by using the "extra" args in the config file.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.