[Spice-devel] [PATCH spice-gtk] RFC: build-sys: remove the spice-controller library
Jeremy White
jwhite at codeweavers.com
Tue Jun 20 19:19:36 UTC 2017
Hi,
>>>>>
>>>>> I don't see much alternative. Do you a other proposal?
>>>>>
>>>>
>>>> I think my use case simply requires the ability to pass the pass word in
>>>> a way that cannot be intercepted by any kind of hook; whether it be
>>>> wireshark, or an inotify hook. A unix domain socket that can receive
>>>> the password would suffice, I believe.
>>>
>>> Do you use virt-viewer or other Spice client? Are you a direct user of
>>> spice-controller?
>>
>> We set SPICE_XPI_SOCKET to a unix domain socket and then invoke:
>> remote-viewer --spice-controller
>> and then instruct remote-viewer to connect using a password we
>> ostensibly transmit in a secure fashion.
>>
>> I just reviewed the code again; and we don't use any other features of
>> the XPI conversation; the only material thing we can't do if you remove
>> this code is transmit the password.
>>
>>>
>>> I think we should try to solve this at the virt-viewer level, and move the
>>> discussion to virt-tools list.
>>>
>
> I guess a DBus interface could work equally well in this case?
>
I'm not enough of an expert in DBus to say for sure, but I don't think
so. One of the issues is that we need the communicated password to be
secure; can't you eavesdrop on a dbus channel with tools like dbus-monitor?
Cheers,
Jeremy
More information about the Spice-devel
mailing list