From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IIs56-0002yB-6G
	for qemu-devel@nongnu.org; Wed, 08 Aug 2007 16:24:36 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IIs55-0002xr-MK
	for qemu-devel@nongnu.org; Wed, 08 Aug 2007 16:24:35 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IIs55-0002xm-HB
	for qemu-devel@nongnu.org; Wed, 08 Aug 2007 16:24:35 -0400
Received: from mx1.redhat.com ([66.187.233.31])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <berrange@redhat.com>) id 1IIs55-0003si-81
	for qemu-devel@nongnu.org; Wed, 08 Aug 2007 16:24:35 -0400
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com
	[172.16.52.254])
	by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l78KOTOZ004791
	for <qemu-devel@nongnu.org>; Wed, 8 Aug 2007 16:24:29 -0400
Received: from file.surrey.redhat.com (file.fab.redhat.com [10.33.63.6])
	by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l78KOSUP012465
	for <qemu-devel@nongnu.org>; Wed, 8 Aug 2007 16:24:28 -0400
Received: (from berrange@localhost)
	by file.surrey.redhat.com (8.13.1/8.13.1/Submit) id l78KOSms008454
	for qemu-devel@nongnu.org; Wed, 8 Aug 2007 21:24:28 +0100
Date: Wed, 8 Aug 2007 21:24:28 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command
	line options from qcow2 images
Message-ID: <20070808202428.GA25050@redhat.com>
References: <59abf66e0708081124g14901b01i841b70d17ae1e097@mail.gmail.com>
	<59abf66e0708081252of2948d7we85c9084bad245d4@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <59abf66e0708081252of2948d7we85c9084bad245d4@mail.gmail.com>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

On Wed, Aug 08, 2007 at 04:52:58PM -0300, Jorge Luc?ngeli Obes wrote:
> This patch makes QEMU check for command line options stored in qcow2 images.

I think it is a bad idea from a security POV to automatically extract & use 
command line args from  a disk image like this without the admin explicitly 
requesting this capability. 

eg If I grabbed a demo disk image from a vendors' or community website I would
certainly not trust whatever args may happen to be embedded in the disk image
and thus do not want QEMU to be automatically running using them.

I'd recommend having some command line flag to turn this capability on. For
example a '--args PATH-TO-DISK' flag,

  qemu --args $HOME/fedora.qcow

Would extract args from the disk image & us them.

While traditional

  qemu $HOME/fedora.qcow

would *not* extract args.

> diff --git a/qemu/vl.c b/qemu/vl.c
> index 4ad39f1..1d28794 100644
> --- a/qemu/vl.c
> +++ b/qemu/vl.c
> @@ -7000,6 +7012,58 @@ int main(int argc, char **argv)
>      nb_nics = 0;
>      /* default mac address of the first network interface */
> 
> +    bdrv_init();
> +
> +    drv = bdrv_find_format("qcow2");
> +
> +    if (argc > 1 && argv[1][0] != '-') {
> +        bs = bdrv_new("");
> +        if (!bs) {
> +            fprintf(stderr, "Not enough memory");
> +            exit(1);
> +        }
> +        if (bdrv_open2(bs, argv[1], 0, drv) < 0) {
> +            fprintf(stderr, "Could not open '%s'", argv[1]);
> +            bdrv_delete(bs);
> +            exit(1);
> +        }
> +
> +        tmpannot = bdrv_get_annot(bs, "commandline_args");
> +        if (tmpannot) {
> +            pstrcpy(annot, 1024, tmpannot);
> +
> +            do {
> +                tok = strtok(nbtoks == 0? tmpannot : NULL, " ");
> +
> +                if (tok != NULL)
> +                    nbtoks++;
> +                else
> +                    done = 1;
> +            } while (!done);
> +
> +            free(tmpannot);
> +
> +            if (nbtoks > 0) {
> +                char **argvprime = malloc((nbtoks + argc) * sizeof(char*));
> +
> +                for (i = 0; i < argc; i++)
> +                    argvprime[i] = argv[i];
> +
> +                for (i = 0; i < nbtoks; i++)
> +                    argvprime[i + argc] = strtok(i == 0? annot : NULL, " ");
> +
> +                argv = argvprime;
> +                argc = argc + nbtoks;
> +
> +                for (i = 0; i < nbtoks + 2; i++)
> +                    printf("argv[%d] = %s\n", i, argv[i]);
> +
> +            }
> +        }
> +
> +        bdrv_delete(bs);
> +    }
> +
>      optind = 1;
>      for(;;) {
>          if (optind >= argc)


Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|