On 09/05/2012 12:19 PM, Asias He wrote: > On Wed, Sep 5, 2012 at 3:56 PM, Avi Kivity <[email protected]> wrote: >> On 09/05/2012 09:03 AM, Asias He wrote: >>> On Tue, Sep 4, 2012 at 9:07 PM, Avi Kivity <[email protected]> wrote: >>>> On 08/24/2012 02:29 PM, Asias He wrote: >>>>> It is useful to run a X program in guest and display it on host. >>>>> >>>>> 1) Make host's x server listen to localhost:6000 >>>>> host_shell$ socat -d -d TCP-LISTEN:6000,fork,bind=localhost \ >>>>> UNIX-CONNECT:/tmp/.X11-unix/X0 >>>>> >>>>> 2) Start the guest and run X program >>>>> host_shell$ lkvm run -k /boot/bzImage >>>>> guest_shell$ xlogo >>>>> >>>> >>>> Note, this is insecure, don't do this with untrusted guests. >>> >>> In this use case, the user on the host side should trust the guest. >>> >>> Btw, any attack the untrusted guests can do with the X port which host >>> listens? >> >> Steal the entire display, record user keystrokes, present false information. > > OK. > >> btw, how did it work? The you need the xauth cookie for this to work, >> or disable authentication. > > The trick here is just listening tcp x11 port(only on localhost) and > forwarding the tcp x11 data to local socket. > The auth sutff should be done by the host side normal X11 setup. >
Ok. Then the socat command not only exposes the display to the guest, but also to any local process with access to localhost:6000. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
