[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing |
Date: |
Mon, 23 Mar 2015 18:50:59 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 23/03/2015 18:48, Eric Blake wrote:
>> Why can't libvirt just add ,format=raw instead of leaving out the
>> format key altogether?
>
> Libvirt DOES add format=raw. This patch is an extra insurance
> policy to guarantee that libvirt does not have any code paths that
> omit the explicit format (as we have had a couple of CVEs in
> libvirt over the years where that was the case).
And where's the extra insurance policy to guarantee that QEMU does not
have any code paths that ignore the new command line option?
This is really borderline security theater. Bugs happen, we fix them.
Even better, Kevin now has implemented a strong mitigation for CVEs
like this, that won't allow guests to transmute a probed raw image
into another format. There certainly hasn't been enough discussion
for this to get into 2.3.
Paolo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVEFJ+AAoJEL/70l94x66D/OEH/1j58fDg1W8XBjtaGQ12YsL6
HLKYaU2ObaxY3m5sX+mlMr1ftn/5kQnwVC7xx88xDCq/UG+GuSBRrT+SbxZtkdl4
SM9d0fATaK3yC0o0q3SWXeURAvi0bVOEoGqdpvwgrgGTcGkZPzsh9TwQySkupa8J
mQns/HTF3b7JWJvoVCseTOP99Hq+6+2DmWFbzyfisah/f2nlgNhPULSj0KZQmWxP
dMHPn9PG3NXV3E/xelTXWsMDuJKnnMu3w5MbULbNYDkwJe2f5bBOl6/AV4zqHZ5U
49Ewb1Mdcw+6r3aro2kCQ3wEYKnEpLb/Mb6Lj/i6OUXbA+0TlBWX906BBze+6SI=
=BWO8
-----END PGP SIGNATURE-----
- [Qemu-devel] [PATCH RFC for-2.3 0/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/20
- [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Max Reitz, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Max Reitz, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Eric Blake, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Eric Blake, 2015/03/20
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Paolo Bonzini, 2015/03/23
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Eric Blake, 2015/03/23
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing,
Paolo Bonzini <=
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/23
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Paolo Bonzini, 2015/03/24
- Re: [Qemu-devel] [Qemu-block] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Eric Blake, 2015/03/24
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/24
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Paolo Bonzini, 2015/03/24
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Markus Armbruster, 2015/03/25
- Re: [Qemu-devel] [PATCH RFC for-2.3 1/1] block: New command line option --no-format-probing, Paolo Bonzini, 2015/03/25
Re: [Qemu-devel] [PATCH RFC for-2.3 0/1] block: New command line option --no-format-probing, Eric Blake, 2015/03/20
[Qemu-devel] [RFC PATCH] qemu: enforce no format probing when possible, Eric Blake, 2015/03/20