Re: [PATCH 3/3] Use the host's FQDN in the VNC connection



On Wed, Aug 19, 2009 at 05:29:52PM +0100, John Haxby wrote:
> If we're using X.509 encryption then the hostname we're connecting to
> must exactly match the hostname in the certificate.  As the certificate
> generally contains the fqdn of the host then we convert whatever the
> user supplies to the fqdn before attempting to connect.
> ---
>  examples/gvncviewer.py |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
> 
> diff --git a/examples/gvncviewer.py b/examples/gvncviewer.py
> index 9a74268..c7209ab 100644
> --- a/examples/gvncviewer.py
> +++ b/examples/gvncviewer.py
> @@ -21,6 +21,7 @@
>  import gtk
>  import gtkvnc
>  import sys
> +import socket
>  
>  if len(sys.argv) != 2 and len(sys.argv) != 3:
>      print "syntax: gvncviewer.py host:display [password]"
> @@ -185,6 +186,7 @@ if disp != -1:
>  else:
>      host = sys.argv[1]
>      port = "5900"
> +host = socket.getfqdn(host)
>  print "Connecting to %s %s" % (host, port)
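
Review bot: the added `host = socket.getfqdn(host)` sits at top level after the if/else, so it rewrites the name on every run, not only in the X.509 case the commit message describes. From that point on, `host` holds a resolver-supplied name instead of what the user typed. socket.getfqdn() also returns its argument unchanged when it finds no fully qualified name, so nothing tells the user whether a rewrite happened beyond the "Connecting to" line. Suggest keeping the user's string as the name the certificate is checked against, and if a canonical name is wanted for display, holding it in a separate variable.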

This isn't a good idea, because it introduces an untrusted
component into the hostname checks. The server's x509 cert
has a hostname embedded, and this should be compared against
the hostname the user provided when opening the connection.

Thus if someone hijacks DNS for the hostname in question,
redirecting it to another IP, the user will get a mis-match.

With your proposed change, if someone hijacks the DNS, then
the hostname will still match because you replaced the user's
hostname, with one from a DNS lookup (potentially).

Daniel
-- 
|: http://berrange.com/     -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://freshmeat.net/~danielpb/    -o-   http://gtk-vnc.sourceforge.net :|
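
The difference described in the reply above, as an added example that is not part of the original mail or of gtk-vnc. It is a constructed, offline simulation: the resolver tables, host names and certificate names are made up, and `attempt()` is a hypothetical stand-in for a viewer's connect-and-verify step.

```python
# Constructed simulation: no network access, all names and answers are made up.

def name_matches(pattern, reference):
    """Match one certificate name against the reference identity.
    Case-insensitive; a leading '*' label matches exactly one label."""
    p = pattern.rstrip(".").lower().split(".")
    r = reference.rstrip(".").lower().split(".")
    if len(p) != len(r):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == r[1:]
    return p == r

def attempt(user_host, resolver, canonicalise):
    """Return (reference identity, accepted?) for one connection attempt.

    resolver[user_host] holds what name resolution yields for the typed name:
      canonical  - the name a getfqdn-style lookup would hand back
      cert_names - names in the certificate of the server that answers
    canonicalise=True models replacing the user's name with the looked-up one.
    """
    answer = resolver[user_host]
    reference = answer["canonical"] if canonicalise else user_host
    accepted = any(name_matches(n, reference) for n in answer["cert_names"])
    return reference, accepted

# Honest DNS: the typed name leads to the real server and its certificate.
HONEST = {"vnc.example.com": {"canonical": "vnc.example.com",
                              "cert_names": ["*.example.com"]}}

# Hijacked DNS: the same typed name leads to another server, which holds a
# certificate for its own name; the lookup also reports that other name.
HIJACKED = {"vnc.example.com": {"canonical": "rogue.example.net",
                                "cert_names": ["rogue.example.net"]}}

if __name__ == "__main__":
    for label, dns in (("honest", HONEST), ("hijacked", HIJACKED)):
        for canon in (False, True):
            ref, ok = attempt("vnc.example.com", dns, canon)
            print("%-8s canonicalise=%-5s reference=%-18s accepted=%s"
                  % (label, canon, ref, ok))
```

With the user's own name as the reference, the hijacked case is rejected; once the reference is taken from the lookup, the same case is accepted.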

