[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[virt-tools-list] virt-viewer: add some docs for the mozilla plugin



Hi,
attached patch adds some basic documentation.
Cheers,
 -- Guido
>From fd64d0160f61582b986647918eddfe29c3bf09d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx sigxcpu org>
Date: Tue, 2 Feb 2010 20:59:10 +0100
Subject: [PATCH 3/3] Add some docs

---
 plugin/README    |   40 ++++++++++++++++++++++++++++++++++++++++
 plugin/test.html |   17 +++++++++++++++++
 2 files changed, 57 insertions(+), 0 deletions(-)
 create mode 100644 plugin/README
 create mode 100644 plugin/test.html

diff --git a/plugin/README b/plugin/README
new file mode 100644
index 0000000..dea7b78
--- /dev/null
+++ b/plugin/README
@@ -0,0 +1,40 @@
+Testing
+-------
+
+Restart your browser.  In the location bar, type:
+
+  about:plugins
+
+Amongst your other plugins you should see the virt-viewer plugin:
+
+  Virt-viewer browser plugin
+
+  File name: virt-viewer-plugin.so
+  Virtual machine console viewer plugin
+
+  MIME Type 	Description 	Suffixes 	Enabled
+  application/x-virt-viewer 	Virt viewer 	virt-viewer 	Yes
+
+If that appears, then next edit the test.html page in the current
+directory.  You will need to change the name of this page to point
+to a virtual machine.
+
+Then load the edited 'test.html' page into your browser, and you should see a
+virt-viewer widget and the display of the virtual machine.
+
+SECURITY
+--------
+
+If you install this plugin, then any web page could invoke it.
+
+Specific security implications of this are:
+
+(1) Malicious web page could cause your browser to connect to an arbitrary
+virtual machine even addresses behind a firewall. If you allow the plugin to be
+controlled by Javascript, and to communicate back success/failure indications,
+then this would allow a hacker to probe ports which they might otherwise not
+have access to.
+
+(2) A web page could connect to a malicious virtual machine. The virt-viewer
+widget is not hardened against responses from malicious VNC servers which might
+provide faulty responses, causing virt-viewer to crash or be subverted.
diff --git a/plugin/test.html b/plugin/test.html
new file mode 100644
index 0000000..33d333f
--- /dev/null
+++ b/plugin/test.html
@@ -0,0 +1,17 @@
+<html>
+<body>
+
+  <h1>Virt-viewer applet test</h1>
+
+  <p>You will need to edit the source to
+  set <code>uri</code>, <code>name</code> etc.</p>
+
+  <embed type="application/x-virt-viewer"
+    width="800" height="600"
+    uri="qemu:///system" name="test1">
+  </embed>
+
+  <p>End of page</p>
+
+</body>
+</html>
-- 
1.6.6.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]