Opened 16 years ago
Closed 16 years ago
#1960 closed defect (fixed)
VboxHeadless ignores "<RemoteDisplay enabled="false" ..." => Fixed in 1.6.6
Reported by: | leo | Owned by: | |
---|---|---|---|
Component: | RDP | Version: | VirtualBox 1.6.4 |
Keywords: | Cc: | ||
Guest type: | Linux | Host type: | Linux |
Description
Ubuntu desktop 8.04.1, VirtualBox 1.6.4 AMD64.
I have a VM which contains:
<RemoteDisplay enabled="false" port="3901" authType="Null" authTimeout="5000"/>
I.e. the VRDP server is configured but not enabled.
I start this VM with VBoxHealess and the VRDP is remotely accessible even if I disabled it.
I think this is a security problem because with VBoxHeadless I have no way to prohibit remote connection (and currently the external Authentication has problems causing segmentation faults).
IMHO the VBoxHeadless should respect enable/disable as stated in VM conf, and eventually override it only in case the listening port is specified on VBoxHeadless command line (or via explicit option).
Change History (4)
comment:1 by , 16 years ago
Summary: | VboxHeadless ignores "<RemoteDisplay enabled="false" ..." → VboxHeadless ignores "<RemoteDisplay enabled="false" ..." => Fixed in 1.6.6 |
---|
comment:2 by , 16 years ago
I think it would be more logical to have the default as specified in the settings. If I'm not mistaken, all other settings are working that way - I specify machine settings in the GUI, and when I start the machine, headless or not, all settings are as I have specified. Why is this one an exception?
comment:3 by , 16 years ago
For historical reasons / backward compatibility. If someone wants to start VBoxHeadless he usually wants to access it through the RDP protocol. And the screen output clearly states that the RDP server of that VM is now active.
comment:4 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Thanks for this report. Actually we left the default behavior which is to enable the RDP server. But in 1.6.6 we added an optional parameter
which allows the user to explicitly start the RDP support (on), to explicitly disable it (off) or to use the value stored in the permanent .xml settings (config).