New patch 0003-Add-some-docs.patch
Add some docs
Guido Günther
13 years ago
| 0 | From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> | |
| 1 | Date: Tue, 2 Feb 2010 20:59:10 +0100 | |
| 2 | Subject: [PATCH] Add some docs | |
| 3 | ||
| 4 | --- | |
| 5 | plugin/README | 40 ++++++++++++++++++++++++++++++++++++++++ | |
| 6 | plugin/test.html | 17 +++++++++++++++++ | |
| 7 | 2 files changed, 57 insertions(+), 0 deletions(-) | |
| 8 | create mode 100644 plugin/README | |
| 9 | create mode 100644 plugin/test.html | |
| 10 | ||
| 11 | diff --git a/plugin/README b/plugin/README | |
| 12 | new file mode 100644 | |
| 13 | index 0000000..dea7b78 | |
| 14 | --- /dev/null | |
| 15 | +++ b/plugin/README | |
| 16 | @@ -0,0 +1,40 @@ | |
| 17 | +Testing | |
| 18 | +------- | |
| 19 | + | |
| 20 | +Restart your browser. In the location bar, type: | |
| 21 | + | |
| 22 | + about:plugins | |
| 23 | + | |
| 24 | +Amongst your other plugins you should see the virt-viewer plugin: | |
| 25 | + | |
| 26 | + Virt-viewer browser plugin | |
| 27 | + | |
| 28 | + File name: virt-viewer-plugin.so | |
| 29 | + Virtual machine console viewer plugin | |
| 30 | + | |
| 31 | + MIME Type Description Suffixes Enabled | |
| 32 | + application/x-virt-viewer Virt viewer virt-viewer Yes | |
| 33 | + | |
| 34 | +If that appears, then next edit the test.html page in the current | |
| 35 | +directory. You will need to change the name of this page to point | |
| 36 | +to a virtual machine. | |
| 37 | + | |
| 38 | +Then load the edited 'test.html' page into your browser, and you should see a | |
| 39 | +virt-viewer widget and the display of the virtual machine. | |
| 40 | + | |
| 41 | +SECURITY | |
| 42 | +-------- | |
| 43 | + | |
| 44 | +If you install this plugin, then any web page could invoke it. | |
| 45 | + | |
| 46 | +Specific security implications of this are: | |
| 47 | + | |
| 48 | +(1) Malicious web page could cause your browser to connect to an arbitrary | |
| 49 | +virtual machine even addresses behind a firewall. If you allow the plugin to be | |
| 50 | +controlled by Javascript, and to communicate back success/failure indications, | |
| 51 | +then this would allow a hacker to probe ports which they might otherwise not | |
| 52 | +have access to. | |
| 53 | + | |
| 54 | +(2) A web page could connect to a malicious virtual machine. The virt-viewer | |
| 55 | +widget is not hardened against responses from malicious VNC servers which might | |
| 56 | +provide faulty responses, causing virt-viewer to crash or be subverted. | |
| 57 | diff --git a/plugin/test.html b/plugin/test.html | |
| 58 | new file mode 100644 | |
| 59 | index 0000000..33d333f | |
| 60 | --- /dev/null | |
| 61 | +++ b/plugin/test.html | |
| 62 | @@ -0,0 +1,17 @@ | |
| 63 | +<html> | |
| 64 | +<body> | |
| 65 | + | |
| 66 | + <h1>Virt-viewer applet test</h1> | |
| 67 | + | |
| 68 | + <p>You will need to edit the source to | |
| 69 | + set <code>uri</code>, <code>name</code> etc.</p> | |
| 70 | + | |
| 71 | + <embed type="application/x-virt-viewer" | |
| 72 | + width="800" height="600" | |
| 73 | + uri="qemu:///system" name="test1"> | |
| 74 | + </embed> | |
| 75 | + | |
| 76 | + <p>End of page</p> | |
| 77 | + | |
| 78 | +</body> | |
| 79 | +</html> | |
| 80 | -- |