From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1IJx17-0007Yk-8X for qemu-devel@nongnu.org; Sat, 11 Aug 2007 15:52:57 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1IJx15-0007Y4-NT for qemu-devel@nongnu.org; Sat, 11 Aug 2007 15:52:56 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IJx15-0007Xx-Ju for qemu-devel@nongnu.org; Sat, 11 Aug 2007 15:52:55 -0400 Received: from wx-out-0506.google.com ([66.249.82.234]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1IJx14-0003w1-Rk for qemu-devel@nongnu.org; Sat, 11 Aug 2007 15:52:55 -0400 Received: by wx-out-0506.google.com with SMTP id h31so846530wxd for ; Sat, 11 Aug 2007 12:52:54 -0700 (PDT) Message-ID: <46BE138D.7000500@codemonkey.ws> Date: Sat, 11 Aug 2007 14:52:45 -0500 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images References: <59abf66e0708081124g14901b01i841b70d17ae1e097@mail.gmail.com> <59abf66e0708081252of2948d7we85c9084bad245d4@mail.gmail.com> <46BDFA90.4070400@ecs.soton.ac.uk> In-Reply-To: <46BDFA90.4070400@ecs.soton.ac.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Philip Boulain wrote: > Yikes. I like the intent, but the idea of a previously just-data file > format suddenly being able to imply "-hdb fat:rw:/home/" does not > strike me as a good one. :/ This is why directly executable is important so that the user realizes they must trust the image. > andrzej zaborowski wrote: >> Yes, the file format starting with "#! /path/to/qemu" is a much better >> idea... > > That should probably be "#!/usr/bin/env qemu", or something similar, > if the intent is that "self-executing" image files are mostly > zero-effort portable across (UNIX-y) host environments. I think the magic should just be "#!". Whatever you put as the QEMU executable is your choice. Separating the args to the next line actually does make it pretty portable. See my previous post as to how it would work under Windows. > Anthony Liguori wrote: >> The disk image is directly executable and it makes it very clear to >> the user that they have to trust the disk image. > > Only if qemu only read the embedded arguments in the case where it was > executed as a script interpreter for the image, and/or only if the > image's execute bit is set. In other words, this should prevent > embedded arguments from being used: > > $ chmod -x dubious-image.qcow2 > $ qemu -hda dubious-image.qcow2 Yes, I think that another argument should be required as Dan suggested although I'd like something more explicit like "-read-args-from-image". In the case where the image was directly executable, it would be embedded as part of the interpreter arguments. > This also doesn't apply outside of UNIX-like environments, e.g. > Windows; if someone had told Explorer to launch image files as > "qemu.exe -hda (image)" (which is as close to shebanging a data file > as you can really get), this could really be a nasty surprise. I think this is covered by requiring the additional argument. Regards, Anthony Liguori > LionsPhil > > > >