From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56708) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZeQ6U-00018L-V1 for qemu-devel@nongnu.org; Tue, 22 Sep 2015 12:07:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZeQ6T-00052n-Pr for qemu-devel@nongnu.org; Tue, 22 Sep 2015 12:07:38 -0400 References: <1435047135-31647-1-git-send-email-pl@kamp.de> <20150625131806.GG4419@stefanha-thinkpad.redhat.com> From: Eric Blake Message-ID: <56017CC0.5010301@redhat.com> Date: Tue, 22 Sep 2015 10:07:28 -0600 MIME-Version: 1.0 In-Reply-To: <20150625131806.GG4419@stefanha-thinkpad.redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ffvaqp9t2Ku72IswNtFBxhQxkVJxU17jN" Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] block/nfs: add support for setting debug level List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Stefan Hajnoczi , Peter Lieven Cc: kwolf@redhat.com, ronniesahlberg@gmail.com, qemu-devel@nongnu.org, qemu-block@nongnu.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ffvaqp9t2Ku72IswNtFBxhQxkVJxU17jN Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 06/25/2015 07:18 AM, Stefan Hajnoczi wrote: > On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote: >> upcoming libnfs versions will support logging debug messages. Add >> support for it in qemu through an URL parameter. >> >> Signed-off-by: Peter Lieven >> --- >> block/nfs.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >=20 > Untrusted users may be able to set these options since they are encoded= > in the URI. I'm imagining a hosting or cloud scenario like OpenStack. >=20 > A verbose debug level spams stderr and could consume a lot of disk > space. >=20 > (The uid and gid options are probably okay since the NFS server cannot > trust the uid/gid coming from QEMU anyway.) >=20 > I think we can merge this patch for QEMU 2.4 but I'd like to have a > discussion about the security risk of encoding libnfs options in the > URI. >=20 > CCed Eric Blake in case libvirt is affected. Libvirt doesn't (yet) support XML describing debug parameters, and its current XML does not let the user specify a raw URL, but rather the individual pieces that libvirt then concatenates into the URL. Basically, libvirt already uses a structured request, the way we eventually want working for QMP blockdev-add for NFS images, with all features broken into individual parameters within the struct rather than a URL. So from that perspective, I don't think exposing a debug parameter in the NFS URL will hurt libvirt, but it doesn't answer whether you'd have a security (log-filling) issue for uses of the URL outside of libvirt. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --ffvaqp9t2Ku72IswNtFBxhQxkVJxU17jN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJWAXzAAAoJEKeha0olJ0NqKXcH/2wKUL3bly5UclRmEwB/2y6b GuzeuHxQV/4zSJpB01sfB8acaD5LCfMiWLQs8xIAp3hRYo8TUyuAIjRvUnSyWq0p tq+RyWancPOGZBszkL7c2HqxXi6MIqpirEIQGpM4e7nb381iGG0noQPNe8ZhYV/a BFWRNJixwEwQz4/F1bBiO7mxjjwDUJcT+N54A+W6TZbQ+w7GHX+wwK4EhGSk0MzM uKZe/2uLCzMbSDWViSij7AFE78whDNU/6lzrtkVtXT3A6pAD3TP6Dc+GMPOONtIt QTOpYSY0u4ZsuIFBg0eY9fa1zjOXEU++KssHZEfwS7OyyOxK4kuTE6mpaPN+zn0= =N+k0 -----END PGP SIGNATURE----- --ffvaqp9t2Ku72IswNtFBxhQxkVJxU17jN--