From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:37194)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <iusty@k1024.org>) id 1T2GmI-0003aB-Pl
	for qemu-devel@nongnu.org; Fri, 17 Aug 2012 03:15:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <iusty@k1024.org>) id 1T2GmH-0004WY-Oo
	for qemu-devel@nongnu.org; Fri, 17 Aug 2012 03:15:30 -0400
Received: from mail-wg0-f53.google.com ([74.125.82.53]:55539)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <iusty@k1024.org>) id 1T2GmH-0004WO-I8
	for qemu-devel@nongnu.org; Fri, 17 Aug 2012 03:15:29 -0400
Received: by wgbfm10 with SMTP id fm10so2508133wgb.10
	for <qemu-devel@nongnu.org>; Fri, 17 Aug 2012 00:15:28 -0700 (PDT)
Date: Fri, 17 Aug 2012 09:15:25 +0200
From: Iustin Pop <iusty@k1024.org>
Message-ID: <20120817071525.GA31643@teal.hq.k1024.org>
References: <20120816145836.GA6793@hq.k1024.org>
	<502D48DB.20805@msgid.tls.msk.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <502D48DB.20805@msgid.tls.msk.ru>
Subject: Re: [Qemu-devel] [PATCH] block: handle filenames with colons better
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Michael Tokarev <mjt@tls.msk.ru>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org

On Thu, Aug 16, 2012 at 11:24:11PM +0400, Michael Tokarev wrote:
> On 16.08.2012 18:58, Iustin Pop wrote:
> > Commit 947995c (block: protect path_has_protocol from filenames with
> > colons) introduced a way to handle filenames with colons based on
> > whether the path contains a slash or not. IMHO this is not optimal,
> > since we shouldn't rely on the contents of the path but rather on
> > whether the given path exists as a file or not.
> > 
> > As such, this patch tries to handle both files with and without
> > slashes by falling back to opening them as files if no drivers
> > supporting the protocol has been identified.
> 
> I for one dislike this idea entirely: I think there should be a
> way to stop qemu from trying to open something as a file.  It
> opens a security hole after all, "what if" such a file will actually
> exist?

I'm not sure I understand the concern here. You pass what is a file path
(and not an existing protocol path), and you want qemu not to open it?
Or are you worried that a typo in the protocol name can lead to attacks?

> If I can vote, I'm voting against this with both hands.

It's fine to have a way to stop QEMU opening something as a file, but
please tell me how I can make it so that "qemu -hda x:0" works for both
regular files and block/char devices. Right now, it behaves differently
for these two, and from the code it looks like this difference is rather
accidental than intentional.

regards,
iustin