VirtualBox

Ticket #1960 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

VboxHeadless ignores "<RemoteDisplay enabled="false" ..." => Fixed in 1.6.6

Reported by: leoniman Owned by:
Priority: major Component: RDP
Version: VirtualBox 1.6.4 Keywords:
Cc: Guest type: Linux
Host type: Linux

Description

Ubuntu desktop 8.04.1, VirtualBox 1.6.4 AMD64.

I have a VM which contains:

<RemoteDisplay enabled="false" port="3901" authType="Null" authTimeout="5000"/>



I.e. the VRDP server is configured but not enabled. I start this VM with VBoxHealess and the VRDP is remotely accessible even if I disabled it. I think this is a security problem because with VBoxHeadless I have no way to prohibit remote connection (and currently the external Authentication has problems causing segmentation faults).

IMHO the VBoxHeadless should respect enable/disable as stated in VM conf, and eventually override it only in case the listening port is specified on VBoxHeadless command line (or via explicit option).

Change History

comment:1 Changed 6 years ago by frank

  • Summary changed from VboxHeadless ignores "<RemoteDisplay enabled="false" ..." to VboxHeadless ignores "<RemoteDisplay enabled="false" ..." => Fixed in 1.6.6

Thanks for this report. Actually we left the default behavior which is to enable the RDP server. But in 1.6.6 we added an optional parameter

-vrdp on|off|config

which allows the user to explicitly start the RDP support (on), to explicitly disable it (off) or to use the value stored in the permanent .xml settings (config).

comment:2 Changed 6 years ago by vadimrapp

I think it would be more logical to have the default as specified in the settings. If I'm not mistaken, all other settings are working that way - I specify machine settings in the GUI, and when I start the machine, headless or not, all settings are as I have specified. Why is this one an exception?

comment:3 Changed 6 years ago by frank

For historical reasons / backward compatibility. If someone wants to start VBoxHeadless he usually wants to access it through the RDP protocol. And the screen output clearly states that the RDP server of that VM is now active.

comment:4 Changed 6 years ago by frank

  • Status changed from new to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use