|
From: | Avi Kivity |
Subject: | Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images |
Date: | Thu, 09 Aug 2007 23:16:37 +0300 |
User-agent: | Thunderbird 2.0.0.5 (X11/20070719) |
Anthony Liguori wrote:
I think it is a bad idea from a security POV to automatically extract & use command line args from a disk image like this without the admin explicitly requesting this capability. eg If I grabbed a demo disk image from a vendors' or community website I would certainly not trust whatever args may happen to be embedded in the disk imageand thus do not want QEMU to be automatically running using them.I'd recommend having some command line flag to turn this capability on. Forexample a '--args PATH-TO-DISK' flag, qemu --args $HOME/fedora.qcowThat's pretty nasty. How do you specify which disk this is then? I do agree with you that allowing arbitrary command line arguments in an image file is probably a bad idea. I think the general idea of being able to launch a single image is useful but I suspect this is not the right way to do it.What are some people thinking would want to be stored in the file? Most of the command line options are more host specific than guest specific I think. Maybe we can store a pseudo-config instead that only contains a subset of parameters (and therefore, wouldn't pose a security risk)?
Memory size, -hdb and -cdrom, processor count, networking setup. The sort of things people push into ad-hoc scripts.
I expect this to be the low-end solution; with high end management applications storing configuration options in a database.
[Prev in Thread] | Current Thread | [Next in Thread] |