[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line

From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images
Date: Sat, 11 Aug 2007 14:52:45 -0500
User-agent: Thunderbird (X11/20070728)

Philip Boulain wrote:
Yikes. I like the intent, but the idea of a previously just-data file format suddenly being able to imply "-hdb fat:rw:/home/" does not strike me as a good one. :/

This is why directly executable is important so that the user realizes they must trust the image.

andrzej zaborowski wrote:
Yes, the file format starting with "#! /path/to/qemu" is a much better

That should probably be "#!/usr/bin/env qemu", or something similar, if the intent is that "self-executing" image files are mostly zero-effort portable across (UNIX-y) host environments.

I think the magic should just be "#!". Whatever you put as the QEMU executable is your choice. Separating the args to the next line actually does make it pretty portable. See my previous post as to how it would work under Windows.

Anthony Liguori wrote:
The disk image is directly executable and it makes it very clear to the user that they have to trust the disk image.

Only if qemu only read the embedded arguments in the case where it was executed as a script interpreter for the image, and/or only if the image's execute bit is set. In other words, this should prevent embedded arguments from being used:

  $ chmod -x dubious-image.qcow2
  $ qemu -hda dubious-image.qcow2

Yes, I think that another argument should be required as Dan suggested although I'd like something more explicit like "-read-args-from-image". In the case where the image was directly executable, it would be embedded as part of the interpreter arguments.

This also doesn't apply outside of UNIX-like environments, e.g. Windows; if someone had told Explorer to launch image files as "qemu.exe -hda (image)" (which is as close to shebanging a data file as you can really get), this could really be a nasty surprise.

I think this is covered by requiring the additional argument.


Anthony Liguori


reply via email to

[Prev in Thread] Current Thread [Next in Thread]