[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] qemu: block.c: introducing "fmt:FMT:" prefix to
From: |
Uri Lublin |
Subject: |
Re: [Qemu-devel] [PATCH] qemu: block.c: introducing "fmt:FMT:" prefix to image-filenames |
Date: |
Wed, 07 Jan 2009 19:56:01 +0200 |
User-agent: |
Thunderbird 2.0.0.18 (X11/20081119) |
Anthony Liguori wrote:
Uri Lublin wrote:
Hello,
This patch below can be considered as a version 2 of Shahar's "Qemu
image over raw devices" patch
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg01083.html
I think we've fixed the security flaw (that was discovered but not
introduced by Shahar's patch).
Doesn't the fmt= option to the block drivers achieve the same thing
(except for not probing the backend formats)?
It does only for the leaf image (the writeable one).
While all backing files would be probed.
For example if we have a raw format image A (the base image), and the guest
writes a fake qcow2 header into the beginning of the disk, and then the VM owner
asks to create a new qcow2 image B with A as its backing file. In this scenario
qemu opens A as a qcow2 image. This scenario is a security breach (mentioned by
Daniel P. Berrange) as the fake qcow2 header may point to any host file.
I need to send a second version (-cdrom is broken). Comments about the concept
would be appreciated.
Thanks for looking at it,
Uri.