From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37734)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1Xlxhm-0003Rc-CH
	for qemu-devel@nongnu.org; Wed, 05 Nov 2014 05:20:53 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1Xlxhb-0003zL-Ab
	for qemu-devel@nongnu.org; Wed, 05 Nov 2014 05:20:46 -0500
Received: from resqmta-po-10v.sys.comcast.net
	([2001:558:fe16:19:96:114:154:169]:40182)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1Xlxhb-0003yh-4X
	for qemu-devel@nongnu.org; Wed, 05 Nov 2014 05:20:35 -0500
Message-ID: <5459F961.8030305@redhat.com>
Date: Wed, 05 Nov 2014 11:18:09 +0100
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <87lhnq3iul.fsf@blackfin.pond.sub.org>
	<5459E210.2020008@redhat.com>
In-Reply-To: <5459E210.2020008@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="Sm5085qRrxfElAj6eRKAug9N8eAiBvsF9"
Subject: Re: [Qemu-devel] Image probing: how it can be insecure,
 and what we could do about it
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Max Reitz <mreitz@redhat.com>, Markus Armbruster <armbru@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Jeff Cody <jcody@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Sm5085qRrxfElAj6eRKAug9N8eAiBvsF9
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 11/05/2014 09:38 AM, Max Reitz wrote:

>> Note that specifying just the top image's format is not enough, you al=
so
>> have to specify any backing images' formats.  QCOW2 can optionally sto=
re
>> the backing image format in the image.  The other COW formats can't.
>=20
> Well, they can, with "json:". *cough*
>=20
>> Example of insecure usage: -hda bar.vmdk, where bar.vmdk is a VMDK ima=
ge
>> with a raw backing file.
>=20
> Yesterday I found out that doesn't seem possible. You apparently can
> only use VMDK with VMDK backing files. Other than that, we only have
> qcow1 and qed as COW formats which should not be used anyway.

Actually, qed requires the backing format to be recorded (it is
non-optional) and is therefore immune to probing problems of backing
files.  That's one thing it got right.

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--Sm5085qRrxfElAj6eRKAug9N8eAiBvsF9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg

iQEcBAEBCAAGBQJUWflhAAoJEKeha0olJ0NqmzIH/2MynQEYgnLWCL7D7ys7MF/r
D4KCTfSoiibyKvAELzJy9cOsR8jAAqbkgj6I9bvdaeRxJQkXD9QAKXaoCBwzjfoH
+KRsPi0/xHY6hBwNMOX0Mht15P66P70oWX78UpwMGrC2gvnjrH7DK2gFxkZ4pnE8
lrvbqBjTA774vJTqe4OMsMYcJJvFgOqTcyUtzSJGDwYa1ZYKVCHqRW09kxr/AWF7
rxS5XZvK4pXPp3b8KCULv5BEpQEJMjbTouYIh35YcLf7C2vamqVQdcPiEkAw5Mkm
MEQl2beAR8rjonbMyqIv5VORxqtuNiJBwqT2i9H4trtPISOoapFgUJxiXt7KRVc=
=eIgU
-----END PGP SIGNATURE-----

--Sm5085qRrxfElAj6eRKAug9N8eAiBvsF9--