From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Tue, 2 Feb 2010 20:59:10 +0100
Subject: [PATCH] Add some docs
---
plugin/README | 40 ++++++++++++++++++++++++++++++++++++++++
plugin/test.html | 17 +++++++++++++++++
2 files changed, 57 insertions(+), 0 deletions(-)
create mode 100644 plugin/README
create mode 100644 plugin/test.html
diff --git a/plugin/README b/plugin/README
new file mode 100644
index 0000000..dea7b78
--- /dev/null
+++ b/plugin/README
@@ -0,0 +1,40 @@
+Testing
+-------
+
+Restart your browser. In the location bar, type:
+
+ about:plugins
+
+Amongst your other plugins you should see the virt-viewer plugin:
+
+ Virt-viewer browser plugin
+
+ File name: virt-viewer-plugin.so
+ Virtual machine console viewer plugin
+
+ MIME Type Description Suffixes Enabled
+ application/x-virt-viewer Virt viewer virt-viewer Yes
+
+If that appears, then next edit the test.html page in the current
+directory. You will need to change the name of this page to point
+to a virtual machine.
+
+Then load the edited 'test.html' page into your browser, and you should see a
+virt-viewer widget and the display of the virtual machine.
+
+SECURITY
+--------
+
+If you install this plugin, then any web page could invoke it.
+
+Specific security implications of this are:
+
+(1) Malicious web page could cause your browser to connect to an arbitrary
+virtual machine even addresses behind a firewall. If you allow the plugin to be
+controlled by Javascript, and to communicate back success/failure indications,
+then this would allow a hacker to probe ports which they might otherwise not
+have access to.
+
+(2) A web page could connect to a malicious virtual machine. The virt-viewer
+widget is not hardened against responses from malicious VNC servers which might
+provide faulty responses, causing virt-viewer to crash or be subverted.
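Review bot: The Testing instruction "You will need to change the name of this page to point to a virtual machine" is misleading, because what has to be edited is the `uri` and `name` attributes of the `<embed>` element in test.html, not the name of the page. Please reword it to name those attributes so it matches the hint in test.html itself. In the SECURITY section, item (1) reads more clearly as "A malicious web page could cause your browser to connect to an arbitrary virtual machine, even at addresses behind a firewall". The section also lists the two risks without telling the reader what to do about them. Since it opens with "any web page could invoke it", a closing sentence on when installing the plugin is appropriate (for example, only in a browser profile used for trusted pages) would make it actionable. The README also starts at "Testing" with no word on how the plugin is built or installed, although it refers to virt-viewer-plugin.so as already being in place.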
diff --git a/plugin/test.html b/plugin/test.html
new file mode 100644
index 0000000..33d333f
--- /dev/null
+++ b/plugin/test.html
@@ -0,0 +1,17 @@
+<html>
+<body>
+
+ <h1>Virt-viewer applet test</h1>
+
+ <p>You will need to edit the source to
+ set <code>uri</code>, <code>name</code> etc.</p>
+
+ <embed type="application/x-virt-viewer"
+ width="800" height="600"
+ uri="qemu:///system" name="test1">
+ </embed>
+
+ <p>End of page</p>
+
+</body>
+</html>
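Review bot: The `<embed>` element ships with the working-looking values `uri="qemu:///system" name="test1"` while the paragraph above it says the source must be edited, so loading the unedited page makes the plugin attempt a connection to whatever `test1` happens to be on the local system. Obvious placeholders would make an unedited page fail in a self-explanatory way. The "etc." in "set uri, name etc." also leaves the set of attributes the plugin accepts undocumented; listing them in plugin/README would let readers judge what a page can control, which matters given the README's note that any web page could invoke the plugin. Minor: the heading says "applet" where the README says "plugin", and the page has no `<title>`.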
--