From: Markus Armbruster
To: Kevin Wolf
Cc: jcody@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com, mreitz@redhat.com
Date: Tue, 11 Nov 2014 11:03:17 +0100
Subject: Re: [Qemu-devel] [PATCH v2 0/9] raw: Prohibit dangerous writes for probed images
Message-ID: <877fz2gil6.fsf@blackfin.pond.sub.org>
In-Reply-To: <1415389165-16157-1-git-send-email-kwolf@redhat.com> (Kevin Wolf's message of "Fri, 7 Nov 2014 20:39:16 +0100")

Kevin Wolf writes:

> See the commit message of patch 7 for the why and how. This series
> will probably be only part of the solution and doesn't mean that we
> should stop looking for other patches which improve different parts of
> the problem.
>
> See the mailing list thread "Image probing: how it can be insecure, and
> what we could do about it" for the complete context.
Not a review, just to update the record of my opinion on this approach:

* This is not a full solution to the problem I want solved, but that's
  okay, it's not sold as one.

* It helps in other scenarios I personally find less interesting, but
  that's okay, others find them interesting enough.

* It changes failure modes subtly. I figure the failures are
  sufficiently rare and sufficiently catastrophic for me not to worry
  about changing them.

Therefore, I don't object to the general idea.