Re: [Qemu-devel] [PATCH 0/3] vpc: support probing of fixed size images

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1329 bytes --]

On 08/15/2014 06:14 AM, Jeff Cody wrote:

> 
> And of course, convenience options like -hda spit out the deprecation
> warning - which I think is probably a good thing.  Here is what I made
> it say:
> 
>       fprintf(stderr, "Format autodetection is deprecated and may be "
>               "removed in future versions.  Image format autodetection "
>               "is not reliable; some image formats (e.g. raw) may "
>               "masquerade as other image formats.  This could lead to "
>               "system data loss or leaks.\n");
>   
> 
> If we think doing this is a good thing, I'll continue modifying the
> qemu-iotests.  Otherwise, I'll drop it.
> 

I'm in favor of it. The original CVE against qemu (CVE-2008-2004) has
resulted in multiple libvirt CVEs over the years in dealing with
fallout; most recently, there was debate just this year on whether a
libvirt bug dealing with incorrect probing during drive-mirror
situations counted as a CVE (the determination was that because
libvirt's default is to prohibit probing, it did not; a user that
intentionally flips libvirt's configuration to again allow probing has
self-inflicted the vulnerability that I had uncovered).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 539 bytes --]