From: Uri Lublin <uril@redhat.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Shahar Frank <sfrank@redhat.com>, Uri Lublin <uril@redhat.com>,
	qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] qemu: block.c: introducing "fmt:FMT:" prefix to image-filenames
Date: Wed, 07 Jan 2009 19:56:01 +0200
Message-ID: <4964ECB1.5080509@redhat.com>
In-Reply-To: <4964DE75.1010502@codemonkey.ws>

Anthony Liguori wrote:
> Uri Lublin wrote:
>> Hello,
>>
>> This patch below can be considered as a version 2 of Shahar's "Qemu 
>> image over raw devices" patch
>> http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg01083.html
>>
>> I think we've fixed the security flaw (that was discovered but not 
>> introduced by Shahar's patch).
> 
> Doesn't the fmt= option to the block drivers achieve the same thing 
> (except for not probing the backend formats)?

It does only for the leaf image (the writeable one), while all backing files 
would be probed.
For example, suppose we have a raw format image A (the base image), the guest 
writes a fake qcow2 header into the beginning of the disk, and then the VM owner 
asks to create a new qcow2 image B with A as its backing file. In this scenario 
qemu opens A as a qcow2 image. This scenario is a security breach (mentioned by 
Daniel P. Berrange) as the fake qcow2 header may point to any host file.

I need to send a second version (-cdrom is broken). Comments about the concept 
would be appreciated.

Thanks for looking at it,
     Uri.
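
The scenario described in this message, as an added example (not code from the patch or from QEMU): a check a host administrator could run on the first sector of an image that is meant to be raw, reporting whether format probing would take it for qcow/qcow2 and which backing file the header names. The function name audit_raw_image and the sample sector are constructed for illustration; the field offsets follow the published qcow/qcow2 header layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QCOW_MAGIC 0x514649fbU /* 'Q' 'F' 'I' 0xfb, big-endian */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Audit the first bytes of an image that is supposed to be raw.
 * Returns 0: no qcow magic, probing would treat it as raw.
 *         1: qcow magic present, probing would open it as qcow/qcow2.
 *         2: as 1, and the header declares a backing file; its name is
 *            copied to out when it lies inside buf and fits. */
int audit_raw_image(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    if (outlen)
        out[0] = '\0';
    if (len < 20 || be32(buf) != QCOW_MAGIC)
        return 0;
    uint64_t off = ((uint64_t)be32(buf + 8) << 32) | be32(buf + 12);
    uint32_t size = be32(buf + 16);
    if (off == 0 || size == 0)
        return 1;
    if (off < len && size <= len - off && size < outlen) {
        memcpy(out, buf + off, size);
        out[size] = '\0';
    }
    return 2;
}

int main(void)
{
    /* Constructed sample: one 512-byte sector as a guest could leave it. */
    uint8_t sector[512] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
    const char *name = "/constructed/host/path";
    char found[256];

    sector[15] = 72;                    /* backing_file_offset (low byte) */
    sector[19] = (uint8_t)strlen(name); /* backing_file_size (low byte) */
    memcpy(sector + 72, name, strlen(name));
    printf("verdict=%d backing=%s\n",
           audit_raw_image(sector, sizeof sector, found, sizeof found), found);
    return 0;
}
```

A non-zero verdict on an image that is meant to be raw means it must only ever be opened with an explicit format, never through probing, including when it is used as a backing file.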
