From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eren =?iso-8859-1?q?T=FCrkay?= <turkay.eren@gmail.com>
Subject: Re: QEMU "drive_init()" Disk Format Security Bypass
Date: Thu, 8 May 2008 20:12:05 +0300
Message-ID: <200805082012.05397.turkay.eren@gmail.com>
References: <200805081800.24064.turkay.eren@gmail.com>
	<18467.12572.126574.502777@mariner.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <18467.12572.126574.502777@mariner.uk.xensource.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On 08 May 2008 Thu 19:58:04 Ian Jackson wrote:
> We can add a safety catch so that if what is supposedly a raw image
> looks like a cow disk, we fail, unless the rawness was explicitly
> specified. =A0So we can avoid data corruption although as far as I can
> see at the moment we have to at least break some existing
> deployments.

Thank you for reply.

Should I file a bug about this situation? I'm looking forward to security f=
ix.=20
Btw, KVM also fixed this vulnerability (they just pulled latest qemu code).