The socket name used to communicate between the xpi browser plugin and the
spicec was predictable allowing a non priviliged user on the same system
to create the socket before spicec does and thus intercept the messages from
the xpi to the client, including login credentials. This security vulnerability
has been registred with mitre as CVE-2010-2792:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2792
This patch changes the controller code to instead read the socket name
from an environment variable which gets set by the xpi before executing
the spicec, making the socketname private between the client and the xpi.
Note that this means that the controller will only work with an xpi which
has matching changes, the changes are present in the latest version of the
xpi as available as update for / with RHEL-5.5 and RHEL-6.0 .
Spice client controller enables external control (e.g., by XPI or ActiveX) of
the client functionality.
The controller protocol enables setting parameters (host, port, sport, pwd,
secure channels, disabled channels, title, menus, hotkeys etc.), connecting
the server, showing and hiding the client etc.
The controller is based on the cross-platform named pipe.
