From c6f733583d1600936a8215bfa743982ecd89a5d7 Mon Sep 17 00:00:00 2001
From: Jonas Bardino <bardino@science.ku.dk>
Date: Mon, 16 Mar 2026 13:43:57 +0100
Subject: [PATCH 1/2] Bind vncservice to the specific service socket where user
 is pointed to to address code scanning issue 130 about avoiding wild-card
 binds.

---
 mig/shared/functionality/vncsession.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/mig/shared/functionality/vncsession.py b/mig/shared/functionality/vncsession.py
index 963a72533..9ca7ff4be 100644
--- a/mig/shared/functionality/vncsession.py
+++ b/mig/shared/functionality/vncsession.py
@@ -4,7 +4,7 @@
 # --- BEGIN_HEADER ---
 #
 # vncsession - Start a new VNC session
-# Copyright (C) 2003-2023  The MiG Project lead by Brian Vinter
+# Copyright (C) 2003-2026  The MiG Project by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
 #
@@ -172,15 +172,15 @@ def main(client_id, user_arguments_dict):
         for i in range(start_display, VNC_port_count + start_display):
             free_display_found = False
             try:
-                S = socket.socket()
-                S.bind(('', baseVNCport + i))
+                vnc_sock = socket.socket()
+                vnc_sock.bind((configuration.server_fqdn, baseVNCport + i))
                 display_number = i
                 vnc_port = baseVNCport + display_number
                 free_display_found = True
             except Exception as exc:
                 error = exc
-            S.close()
-            S = None
+            vnc_sock.close()
+            vnc_sock = None
 
             if free_display_found:
 

From b6893b1af13405756eeff91684c829821ebe33fd Mon Sep 17 00:00:00 2001
From: Jonas Bardino <bardino@science.ku.dk>
Date: Mon, 16 Mar 2026 13:47:40 +0100
Subject: [PATCH 2/2] Additionally disable the backend unless jobs are enabled.

---
 mig/shared/functionality/vncsession.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/mig/shared/functionality/vncsession.py b/mig/shared/functionality/vncsession.py
index 9ca7ff4be..d1adbb8ad 100644
--- a/mig/shared/functionality/vncsession.py
+++ b/mig/shared/functionality/vncsession.py
@@ -3,7 +3,7 @@
 #
 # --- BEGIN_HEADER ---
 #
-# vncsession - Start a new VNC session
+# vncsession - Start a new VNC session for interactive jobs
 # Copyright (C) 2003-2026  The MiG Project by the Science HPC Center at UCPH
 #
 # This file is part of MiG.
@@ -25,7 +25,7 @@
 # -- END_HEADER ---
 #
 
-"""Start a new vnc session"""
+"""Start a new vnc session for interactive jobs"""
 
 from __future__ import absolute_import
 
@@ -79,6 +79,11 @@ def main(client_id, user_arguments_dict):
     depth = accepted['depth'][-1]
     desktopname = accepted['desktopname'][-1]
 
+    if not configuration.site_enable_jobs:
+        output_objects.append({'object_type': 'error_text', 'text':
+                               '''Job execution is not enabled on this system'''})
+        return (output_objects, returnvalues.SYSTEM_ERROR)
+
     # Please note that base_dir must end in slash to avoid access to other
     # user dirs when own name is a prefix of another user name