From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33003) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XnvAR-00055D-QQ for qemu-devel@nongnu.org; Mon, 10 Nov 2014 15:02:32 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XnvAM-0006mZ-TC for qemu-devel@nongnu.org; Mon, 10 Nov 2014 15:02:27 -0500 Received: from mx1.redhat.com ([209.132.183.28]:36566) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XnvAM-0006ku-LO for qemu-devel@nongnu.org; Mon, 10 Nov 2014 15:02:22 -0500 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id sAAK2MaY011612 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Mon, 10 Nov 2014 15:02:22 -0500 Message-ID: <546119CD.1070503@redhat.com> Date: Mon, 10 Nov 2014 13:02:21 -0700 From: Eric Blake MIME-Version: 1.0 References: <1415389165-16157-1-git-send-email-kwolf@redhat.com> In-Reply-To: <1415389165-16157-1-git-send-email-kwolf@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oL2cCaSLlFmmIXuiDdQRwA0Ose0v9gCFt" Subject: Re: [Qemu-devel] [PATCH v2 0/9] raw: Prohibit dangerous writes for probed images List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Kevin Wolf , qemu-devel@nongnu.org Cc: jcody@redhat.com, armbru@redhat.com, stefanha@redhat.com, mreitz@redhat.com This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --oL2cCaSLlFmmIXuiDdQRwA0Ose0v9gCFt Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 11/07/2014 12:39 PM, Kevin Wolf wrote: > See the commit message of patch 7 for the why and how. This series > will probably be only part of the solution and doesn't mean that we > should stop looking for other patches which improve different parts of > the problem. I definitely agree that tackling multiple aspects of the problem will give us an overall better solution than sticking to one approach in isolation. >=20 > See the mailing list thread "Image probing: how it can be insecure, and= > what we could do about it" for the complete context. Thanks again for writing that one up. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --oL2cCaSLlFmmIXuiDdQRwA0Ose0v9gCFt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJUYRnNAAoJEKeha0olJ0NqTW4IAKGd0KiG5ZLgrp75hFUrK8mf K5figRMResA1GIIdS3SkCJPXspO60DafQ2vNLsGz11Ac/yTAczH4G7QXow8V2Ajx 1UlNY/vboyLpYUFIaNdb0Diu3N8l+0ey+o/aMKIXChGqEvUD1KWpDH1/+DuxnG9M y+J/7eq26sOzyNQQWPHRIKbOnwnLafn/afgre+miA09tucHjWaOzJJRc6FSD0WIo zVDwAj/YqX8MrV9XXrSlOMinL9zHtQBtwuQ2Y766efnoSw6cseJybT0laYvZW1Ve snfeOqlBnwRMCtmEQvKuTIlxxVmPrSMdOy4lkS2EyAhiCIWXft8zvDXxQggLr+o= =5fg2 -----END PGP SIGNATURE----- --oL2cCaSLlFmmIXuiDdQRwA0Ose0v9gCFt--