Codebase list virt-viewer / 94828c7 debian / patches / 0003-Add-some-docs.patch
94828c7

Tree @94828c7 (Download .tar.gz)

0003-Add-some-docs.patch @94828c7raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Tue, 2 Feb 2010 20:59:10 +0100
Subject: [PATCH] Add some docs

---
 plugin/README    |   40 ++++++++++++++++++++++++++++++++++++++++
 plugin/test.html |   17 +++++++++++++++++
 2 files changed, 57 insertions(+), 0 deletions(-)
 create mode 100644 plugin/README
 create mode 100644 plugin/test.html

diff --git a/plugin/README b/plugin/README
new file mode 100644
index 0000000..dea7b78
--- /dev/null
+++ b/plugin/README
@@ -0,0 +1,40 @@
+Testing
+-------
+
+Restart your browser.  In the location bar, type:
+
+  about:plugins
+
+Amongst your other plugins you should see the virt-viewer plugin:
+
+  Virt-viewer browser plugin
+
+  File name: virt-viewer-plugin.so
+  Virtual machine console viewer plugin
+
+  MIME Type 	Description 	Suffixes 	Enabled
+  application/x-virt-viewer 	Virt viewer 	virt-viewer 	Yes
+
+If that appears, then next edit the test.html page in the current
+directory.  You will need to change the name of this page to point
+to a virtual machine.
+
+Then load the edited 'test.html' page into your browser, and you should see a
+virt-viewer widget and the display of the virtual machine.
+
+SECURITY
+--------
+
+If you install this plugin, then any web page could invoke it.
+
+Specific security implications of this are:
+
+(1) Malicious web page could cause your browser to connect to an arbitrary
+virtual machine even addresses behind a firewall. If you allow the plugin to be
+controlled by Javascript, and to communicate back success/failure indications,
+then this would allow a hacker to probe ports which they might otherwise not
+have access to.
+
+(2) A web page could connect to a malicious virtual machine. The virt-viewer
+widget is not hardened against responses from malicious VNC servers which might
+provide faulty responses, causing virt-viewer to crash or be subverted.
diff --git a/plugin/test.html b/plugin/test.html
new file mode 100644
index 0000000..33d333f
--- /dev/null
+++ b/plugin/test.html
@@ -0,0 +1,17 @@
+<html>
+<body>
+
+  <h1>Virt-viewer applet test</h1>
+
+  <p>You will need to edit the source to
+  set <code>uri</code>, <code>name</code> etc.</p>
+
+  <embed type="application/x-virt-viewer"
+    width="800" height="600"
+    uri="qemu:///system" name="test1">
+  </embed>
+
+  <p>End of page</p>
+
+</body>
+</html>
--