From: Eric Blake
Date: Fri, 15 Aug 2014 07:19:30 -0600
Subject: Re: [Qemu-devel] [PATCH 0/3] vpc: support probing of fixed size images
To: Jeff Cody, Kevin Wolf
Cc: Levente Kurusa, Fam Zheng, Stefan Weil, Andrew Jones, QEMU Developers, Stefan Hajnoczi
Message-ID: <53EE08E2.7040305@redhat.com>
In-Reply-To: <20140815121402.GB2399@localhost.localdomain>

On 08/15/2014 06:14 AM, Jeff Cody wrote:
>
> And of course, convenience options like -hda spit out the deprecation
> warning - which I think is probably a good thing. Here is what I made
> it say:
>
>     fprintf(stderr, "Format autodetection is deprecated and may be "
>                     "removed in future versions. Image format autodetection "
>                     "is not reliable; some image formats (e.g. raw) may "
>                     "masquerade as other image formats. This could lead to "
>                     "system data loss or leaks.\n");
>
>
> If we think doing this is a good thing, I'll continue modifying the
> qemu-iotests. Otherwise, I'll drop it.
>

I'm in favor of it. The original CVE against qemu (CVE-2008-2004) has
resulted in multiple libvirt CVEs over the years in dealing with
fallout; most recently, there was debate just this year on whether a
libvirt bug dealing with incorrect probing during drive-mirror
situations counted as a CVE (the determination was that because
libvirt's default is to prohibit probing, it did not; a user that
intentionally flips libvirt's configuration to again allow probing has
self-inflicted the vulnerability that I had uncovered).

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
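
Added example (not part of the original message and not QEMU or libvirt code): a small operator-side check illustrating why the quoted warning calls autodetection unreliable. It flags an image declared "raw" whose first or last sector carries a signature a content-based prober would match. The function names, the 512-byte sector assumption and the sample sectors are constructed for illustration, and only the qcow magic and the VHD "conectix" cookie are covered.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR 512

/* Signatures a content-based prober matches (two formats only, for brevity). */
static const uint8_t QCOW_MAGIC[4] = { 'Q', 'F', 'I', 0xfb };
static const uint8_t VPC_COOKIE[8] = { 'c','o','n','e','c','t','i','x' };

/* Constructed sample sectors, not taken from any real image. */
static uint8_t zero_sec[SECTOR];
static uint8_t qcow_sec[SECTOR] = { 'Q', 'F', 'I', 0xfb };
static uint8_t vpc_sec[SECTOR]  = { 'c','o','n','e','c','t','i','x' };

/* What a prober would guess from the first and last SECTOR bytes of an image.
 * Both pointers must reference SECTOR readable bytes. */
const char *guess_format(const uint8_t *first, const uint8_t *last)
{
    if (memcmp(first, QCOW_MAGIC, sizeof(QCOW_MAGIC)) == 0)
        return "qcow";   /* qcow and qcow2 share this magic */
    if (memcmp(first, VPC_COOKIE, sizeof(VPC_COOKIE)) == 0)
        return "vpc";    /* dynamic VHD keeps a footer copy at offset 0 */
    if (memcmp(last, VPC_COOKIE, sizeof(VPC_COOKIE)) == 0)
        return "vpc";    /* fixed-size VHD: footer only at the end */
    return "raw";
}

/* Returns 1 when an image the operator declared "raw" holds bytes that
 * probing would classify as another format; such an image is only safe
 * to open with the format given explicitly. */
int raw_would_be_misprobed(const char *declared,
                           const uint8_t *first, const uint8_t *last)
{
    if (strcmp(declared, "raw") != 0)
        return 0;
    return strcmp(guess_format(first, last), "raw") != 0;
}

int main(void)
{
    printf("blank raw:            %d\n", raw_would_be_misprobed("raw", zero_sec, zero_sec));
    printf("raw, qcow-like start: %d\n", raw_would_be_misprobed("raw", qcow_sec, zero_sec));
    printf("raw, vpc-like end:    %d\n", raw_would_be_misprobed("raw", zero_sec, vpc_sec));
    return 0;
}
```

A result of 1 means the declared format, not the content, has to decide how the image is opened.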