Re: [Qemu-devel] [PATCH 4/4][RFC] Add logic to QEMU to read command line options from qcow2 images

[Philip Boulain]

Yikes. I like the intent, but the idea of a previously just-data file format 
suddenly being able to imply "-hdb fat:rw:/home/" does not strike me as a good 
one. :/

andrzej zaborowski wrote:
> Yes, the file format starting with "#! /path/to/qemu" is a much better
> idea...

That should probably be "#!/usr/bin/env qemu", or something similar, if the 
intent is that "self-executing" image files are mostly zero-effort portable 
across (UNIX-y) host environments.

Anthony Liguori wrote:
> The disk image is directly executable and it makes it very clear to the user 
> that they have to trust the disk image.

Only if qemu only read the embedded arguments in the case where it was executed 
as a script interpreter for the image, and/or only if the image's execute bit 
is set. In other words, this should prevent embedded arguments from being used:

  $ chmod -x dubious-image.qcow2
  $ qemu -hda dubious-image.qcow2

This also doesn't apply outside of UNIX-like environments, e.g. Windows; if 
someone had told Explorer to launch image files as "qemu.exe -hda (image)" 
(which is as close to shebanging a data file as you can really get), this could 
really be a nasty surprise.

LionsPhil