
25 Jul
2014
25 Jul
'14
11:27 p.m.
Reviewed-by: Crístian Viana <vianac@linux.vnet.ibm.com> On 25-07-2014 17:02, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera <alinefm@linux.vnet.ibm.com>
When setting the listener IP to 0.0.0.0 anyone can connect to the freshly configured kimchi virtual machine manager box on port 5900, 5901, etc. and take over any virtual machine, since VNC is per default configured by kimchi to listen on all IPs. As websockets proxy connects to QEMU-VNC from 127.0.0.1 also set VNC listener IP to 127.0.0.1
Signed-off-by: Aline Manera <alinefm@linux.vnet.ibm.com>