From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LCXaC-0004dW-HR for qemu-devel@nongnu.org; Tue, 16 Dec 2008 05:55:20 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LCXaA-0004bh-GH for qemu-devel@nongnu.org; Tue, 16 Dec 2008 05:55:19 -0500 Received: from [199.232.76.173] (port=43401 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LCXa9-0004bW-PA for qemu-devel@nongnu.org; Tue, 16 Dec 2008 05:55:17 -0500 Received: from mx1.redhat.com ([66.187.233.31]:40292) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LCXa8-00081N-UZ for qemu-devel@nongnu.org; Tue, 16 Dec 2008 05:55:17 -0500 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id mBGAret6022591 for ; Tue, 16 Dec 2008 05:53:40 -0500 Received: from file.fab.redhat.com (file.fab.redhat.com [10.33.63.6]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id mBGAreTI009024 for ; Tue, 16 Dec 2008 05:53:40 -0500 Received: from file.fab.redhat.com (localhost.localdomain [127.0.0.1]) by file.fab.redhat.com (8.13.1/8.13.1) with ESMTP id mBGArdYU016594 for ; Tue, 16 Dec 2008 10:53:39 GMT Received: (from berrange@localhost) by file.fab.redhat.com (8.13.1/8.13.1/Submit) id mBGArd5W016486 for qemu-devel@nongnu.org; Tue, 16 Dec 2008 10:53:39 GMT Date: Tue, 16 Dec 2008 10:53:39 +0000 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel][PATCH] Qemu image over raw devices Message-ID: <20081216105339.GA20024@redhat.com> References: <246345442.373921229413849052.JavaMail.root@zmail02.collab.prod.int.phx2.redhat.com> <49477773.3060405@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49477773.3060405@suse.de> Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org On Tue, Dec 16, 2008 at 10:40:03AM +0100, Kevin Wolf wrote: > Shahar Frank schrieb: > > ----- "Kevin Wolf" wrote: > > > >> Shahar Frank schrieb: > >>> The following patch enables QEMU to create and use images with any > >>> format on top of a raw device. Note that -f is not enough > >> for > >>> bcking files support. > >> When would I need to explicitly specify the type of a backing file? > > > > The patch doesn't allow you to specify a type (image format). It allows you to force probing. This is done to override the default block-device => raw semantics. > > Ok, I see. But didn't we want to get rid of the probing whenever > possible because you can't tell raw files from whatever other format > reliably? Autoprobing of formats is usally a security flaw. ie, host admin configures the guest with raw file, but autoprobing is enabled. Guest admin now writes magic into their disk to match the qcow header and reboots, qemu now autoprobes the guest's disk as a grow on demand qcow format, letting them basically create any size disk they like beyond the initial raw file allocation. Even worse the guest could admin could have written a backing file location into the header and thus more or less get access to any file they like on the host. Autoprobing: just say no. NB, I'm talking about context of qemu here, not qemu-img which is all under host admin's control anyway so not an issue. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|