Re: [Qemu-block] [PATCH] block/nfs: add support for setting debug level


From: Eric Blake
Subject: Re: [Qemu-block] [PATCH] block/nfs: add support for setting debug level
Date: Tue, 22 Sep 2015 10:07:28 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0

On 06/25/2015 07:18 AM, Stefan Hajnoczi wrote:
> On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote:
>> upcoming libnfs versions will support logging debug messages. Add
>> support for it in qemu through an URL parameter.
>>
>> Signed-off-by: Peter Lieven <address@hidden>
>> ---
>>  block/nfs.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>

> 
> Untrusted users may be able to set these options since they are encoded
> in the URI.  I'm imagining a hosting or cloud scenario like OpenStack.
> 
> A verbose debug level spams stderr and could consume a lot of disk
> space.
> 
> (The uid and gid options are probably okay since the NFS server cannot
> trust the uid/gid coming from QEMU anyway.)
> 
> I think we can merge this patch for QEMU 2.4 but I'd like to have a
> discussion about the security risk of encoding libnfs options in the
> URI.
> 
> CCed Eric Blake in case libvirt is affected.

Libvirt doesn't (yet) support XML describing debug parameters, and its
current XML does not let the user specify a raw URL, but rather the
individual pieces that libvirt then concatenates into the URL.
Basically, libvirt already uses a structured request, the way we
eventually want working for QMP blockdev-add for NFS images, with all
features broken into individual parameters within the struct rather than
a URL.  So from that perspective, I don't think exposing a debug
parameter in the NFS URL will hurt libvirt, but it doesn't answer
whether you'd have a security (log-filling) issue for uses of the URL
outside of libvirt.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
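
An added example, not part of the message above and not QEMU or libvirt code: a management-layer check for URLs handled outside libvirt. It parses a tenant-supplied NFS URL into fields, keeps only the uid and gid options, and rebuilds the URL so that a debug level can only come from the operator. The parameter name `debug`, the cap `MAX_DEBUG`, the function and exception names, and the sample host are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TENANT_OPTIONS = {"uid", "gid"}  # options the thread treats as probably okay
DEBUG_OPTION = "debug"           # assumed name of the debug-level parameter
MAX_DEBUG = 2                    # hypothetical operator-chosen cap


class RejectedURL(ValueError):
    """Raised when a tenant-supplied URL carries something policy forbids."""


def sanitize_nfs_url(raw, operator_debug=None):
    """Parse a tenant's NFS URL, allowlist its options, and rebuild it."""
    parts = urlsplit(raw)
    if parts.scheme != "nfs" or not parts.hostname:
        raise RejectedURL("expected nfs://host/path")
    if "@" in parts.netloc or parts.fragment:
        raise RejectedURL("userinfo and fragments are not accepted")

    opts = {}
    # parse_qsl percent-decodes keys, so "%64ebug" is checked as "debug".
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in opts:
            raise RejectedURL(f"duplicate option {key!r}")
        if key not in TENANT_OPTIONS:
            raise RejectedURL(f"option {key!r} is not tenant-settable")
        if not (value.isascii() and value.isdigit()):
            raise RejectedURL(f"option {key!r} needs a decimal value")
        opts[key] = value

    # Only the operator's structured setting can add a debug level, clamped.
    if operator_debug is not None:
        opts[DEBUG_OPTION] = str(max(0, min(int(operator_debug), MAX_DEBUG)))

    # Rebuild from parsed fields; the raw string is never passed through.
    return urlunsplit(("nfs", parts.netloc, parts.path, urlencode(opts), ""))


if __name__ == "__main__":
    # Constructed sample input.
    print(sanitize_nfs_url("nfs://filer.example/export/vm1.qcow2?uid=1000&gid=1000"))
```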
