Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images

[Avi Kivity]

Anthony Liguori wrote:
> > I think it is a bad idea from a security POV to automatically extract 
> > & use command line args from  a disk image like this without the 
> > admin explicitly requesting this capability.
> > eg If I grabbed a demo disk image from a vendors' or community 
> > website I would
> > certainly not trust whatever args may happen to be embedded in the 
> > disk image
> > and thus do not want QEMU to be automatically running using them.
> >
> > I'd recommend having some command line flag to turn this capability 
> > on. For
> > example a '--args PATH-TO-DISK' flag,
> >
> >   qemu --args $HOME/fedora.qcow
> >   
>
> That's pretty nasty.  How do you specify which disk this is then?  I 
> do agree with you that allowing arbitrary command line arguments in an 
> image file is probably a bad idea.  I think the general idea of being 
> able to launch a single image is useful but I suspect this is not the 
> right way to do it.
>
> What are some people thinking would want to be stored in the file?  
> Most of the command line options are more host specific than guest 
> specific I think.  Maybe we can store a pseudo-config instead that 
> only contains a subset of parameters (and therefore, wouldn't pose a 
> security risk)? 

Memory size, -hdb and -cdrom, processor count, networking setup.  The 
sort of things people push into ad-hoc scripts.

I expect this to be the low-end solution; with high end management 
applications storing configuration options in a database.