[Spice-devel] [PATCH spice-gtk] widget: connect automatically webdav channels
Benjamin Gilbert
bgilbert at cs.cmu.edu
Fri Feb 6 19:29:46 PST 2015
On February 6, 2015 6:54:48 PM EST, "Marc-André Lureau"
<mlureau at redhat.com> wrote:
>> Clients connecting to untrusted VMs may not want the VM to have
>> access to the host filesystem. Previously they were safe if they
>> did nothing, but with this change, they would need to explicitly
>> set shared-dir to NULL. (Which, of course, will cause a warning
>> with previous versions of spice-gtk.)
>
> Well, the shared directory is the ~/Public by default, so I assume
> this is fine.
The VM has write access to the folder, so it could overwrite my public
files or fill up my disk.
> I think we should still enable it by default, but it's good that you
> remind of the implication. Hopefully people read release notes...
I don't think it's a good idea to retroactively add potential security
holes to existing applications, with or without a release note. I think
users will be surprised by this behavior: for example, VirtualBox and
VMware Workstation don't share folders by default, and GNOME doesn't
share ~/Public by default.
Is it really important to enable this feature for unmodified
applications? Applications will probably want a UI for
enabling/disabling sharing and selecting a target folder, so they'll
need to be changed anyway. With this patch, and without that additional
UI, users who don't like the defaults will be forced to mess around with
XDG_CONFIG_HOME and user-dirs.dirs.
--Benjamin Gilbert
More information about the Spice-devel
mailing list