On 08/15/2014 06:14 AM, Jeff Cody wrote:
>
> And of course, convenience options like -hda spit out the deprecation
> warning - which I think is probably a good thing. Here is what I made
> it say:
>
>     fprintf(stderr, "Format autodetection is deprecated and may be "
>                     "removed in future versions. Image format autodetection "
>                     "is not reliable; some image formats (e.g. raw) may "
>                     "masquerade as other image formats. This could lead to "
>                     "system data loss or leaks.\n");
>
>
> If we think doing this is a good thing, I'll continue modifying the
> qemu-iotests. Otherwise, I'll drop it.
>

I'm in favor of it. The original CVE against qemu (CVE-2008-2004) has
resulted in multiple libvirt CVEs over the years in dealing with
fallout; most recently, there was debate just this year on whether a
libvirt bug dealing with incorrect probing during drive-mirror
situations counted as a CVE (the determination was that because
libvirt's default is to prohibit probing, it did not; a user that
intentionally flips libvirt's configuration to again allow probing has
self-inflicted the vulnerability that I had uncovered).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
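
An added example, not part of the original message and not QEMU or libvirt code: it shows why a header probe cannot be trusted for an image configured as raw, and how an explicitly supplied format avoids the problem. The helper names (`probe_format`, `choose_format`, `raw_masquerades`), the warning text and the sample bytes are assumptions constructed for illustration; the probe is a simplified magic-number check.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: the first bytes of two images configured as raw. */
static const unsigned char sample_sector[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
static const unsigned char blank_sector[8]  = { 0 };

/* Simplified header probe (hypothetical helper, not QEMU's prober). */
static const char *probe_format(const unsigned char *buf, size_t len)
{
    if (len >= 4 && memcmp(buf, "QFI\xfb", 4) == 0)
        return "qcow2";
    if (len >= 4 && memcmp(buf, "KDMV", 4) == 0)
        return "vmdk";
    return "raw"; /* raw has no header, so it is only ever the fallback */
}

/* Hypothetical open policy: an explicit format is used as given and the
 * image content is never consulted; only a missing format falls back to
 * probing, with a warning. */
static const char *choose_format(const char *explicit_fmt,
                                 const unsigned char *buf, size_t len)
{
    if (explicit_fmt != NULL)
        return explicit_fmt;
    fprintf(stderr, "warning: no format given, probing image header\n");
    return probe_format(buf, len);
}

/* Audit check: returns 1 when an image that is supposed to be raw carries
 * another format's magic, i.e. a probe would misidentify it. */
static int raw_masquerades(const unsigned char *buf, size_t len)
{
    return strcmp(probe_format(buf, len), "raw") != 0;
}

int main(void)
{
    printf("no format given  -> %s\n",
           choose_format(NULL, sample_sector, sizeof sample_sector));
    printf("format=raw given -> %s\n",
           choose_format("raw", sample_sector, sizeof sample_sector));
    printf("audit sample=%d blank=%d\n",
           raw_masquerades(sample_sector, sizeof sample_sector),
           raw_masquerades(blank_sector, sizeof blank_sector));
    return 0;
}
```
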