From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IJvLR-0002uj-3x
	for qemu-devel@nongnu.org; Sat, 11 Aug 2007 14:05:49 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IJvLP-0002sJ-08
	for qemu-devel@nongnu.org; Sat, 11 Aug 2007 14:05:48 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IJvLO-0002ry-JO
	for qemu-devel@nongnu.org; Sat, 11 Aug 2007 14:05:46 -0400
Received: from ranger.systems.pipex.net ([62.241.162.32])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <prb@ecs.soton.ac.uk>) id 1IJvLN-0007lm-UU
	for qemu-devel@nongnu.org; Sat, 11 Aug 2007 14:05:46 -0400
Received: from [10.0.0.7] (81-86-106-14.dsl.pipex.com [81.86.106.14])
	by ranger.systems.pipex.net (Postfix) with ESMTP id 46370E0001EC
	for <qemu-devel@nongnu.org>; Sat, 11 Aug 2007 19:05:38 +0100 (BST)
Message-ID: <46BDFA90.4070400@ecs.soton.ac.uk>
Date: Sat, 11 Aug 2007 19:06:08 +0100
From: Philip Boulain <prb@ecs.soton.ac.uk>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command
	line options from qcow2 images
References: <59abf66e0708081124g14901b01i841b70d17ae1e097@mail.gmail.com>	<59abf66e0708081252of2948d7we85c9084bad245d4@mail.gmail.com>
	<fb249edb0708111011x5abd6a3ehb4a0d3876c2a91c8@mail.gmail.com>
In-Reply-To: <fb249edb0708111011x5abd6a3ehb4a0d3876c2a91c8@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Yikes. I like the intent, but the idea of a previously just-data file format 
suddenly being able to imply "-hdb fat:rw:/home/" does not strike me as a good 
one. :/

andrzej zaborowski wrote:
> Yes, the file format starting with "#! /path/to/qemu" is a much better
> idea...

That should probably be "#!/usr/bin/env qemu", or something similar, if the 
intent is that "self-executing" image files are mostly zero-effort portable 
across (UNIX-y) host environments.

Anthony Liguori wrote:
> The disk image is directly executable and it makes it very clear to the user that they have to trust the disk image.

Only if qemu only read the embedded arguments in the case where it was executed 
as a script interpreter for the image, and/or only if the image's execute bit 
is set. In other words, this should prevent embedded arguments from being used:

   $ chmod -x dubious-image.qcow2
   $ qemu -hda dubious-image.qcow2

This also doesn't apply outside of UNIX-like environments, e.g. Windows; if 
someone had told Explorer to launch image files as "qemu.exe -hda (image)" 
(which is as close to shebanging a data file as you can really get), this could 
really be a nasty surprise.

LionsPhil