[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer
From: |
Kevin Wolf |
Subject: |
[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v3) |
Date: |
Thu, 15 Jul 2010 15:01:14 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100430 Fedora/3.0.4-2.fc12 Thunderbird/3.0.4 |
Am 15.07.2010 14:50, schrieb Anthony Liguori:
> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
> trick the block probing code into accessing arbitrary files in a guest. To
> mitigate this, we added an explicit format parameter to -drive which disabling
> block probing.
>
> Fast forward to today, and the vast majority of users do not use this
> parameter.
> libvirt does not use this by default nor does virt-manager.
>
> Most users want block probing so we should try to make it safer.
>
> This patch adds some logic to the raw device which attempts to detect a write
> operation to the beginning of a raw device. If the first 4 bytes happen to
> match an image file that has a backing file that we support, it scrubs the
> signature to all zeros. If a user specifies an explicit format parameter,
> this
> behavior is disabled.
>
> I contend that while a legitimate guest could write such a signature to the
> header, we would behave incorrectly anyway upon the next invocation of QEMU.
> This simply changes the incorrect behavior to not involve a security
> vulnerability.
>
> I've tested this pretty extensively both in the positive and negative case.
> I'm
> not 100% confident in the block layer's ability to deal with zero sized writes
> particularly with respect to the aio functions so some additional eyes would
> be
> appreciated.
>
> Even in the case of a single sector write, we have to make sure to invoked the
> completion from a bottom half so just removing the zero sized write is not an
> option.
>
> Signed-off-by: Anthony Liguori <address@hidden>
Acked-by: Kevin Wolf <address@hidden>