qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing

From: Kevin Wolf
Subject: Re: [Qemu-devel] [PATCH RFC 2/2] block: Warn on insecure format probing
Date: Thu, 30 Oct 2014 10:36:35 +0100
User-agent: Mutt/1.5.21 (2010-09-15) 
Am 30.10.2014 um 10:27 hat Stefan Hajnoczi geschrieben:
> On Thu, Oct 30, 2014 at 10:08:46AM +0100, Max Reitz wrote:
> > Also, I like Kevin's proposal/Anthony's approach a lot more because of its
> > principle. If a guest can overwrite the beginning of the image so it looks
> > like an image format, that's the real bug. Afterwards, anyone will recognize
> > that image as non-raw and they'd be correct.
> 
> No, it is not a guest bug.

No, but it is a host bug. When probed, this is not content that raw can
reliably store.

> The guest may legitimately use raw devices that contain image format
> data.  Imagine tools similar to libguestfs.
> 
> It's perfectly okay for them to lay out image format data onto a raw
> device.
> 
> Probing is the problem, not putting image format data onto a raw device.

Agreed, that's why any restrictions only apply when probing was used to
detect a raw image. If you want to do anything exotic like storing a
qcow2 image for nested virt on a disk that is a raw image in the host,
then making sure to pass format=raw shouldn't be too much.

Kevin

Attachment: pgpRi8CTgVbdd.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]