Re: [Qemu-devel] Image probing: how it can be insecure, and what we coul
From: Jeff Cody
Subject: Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it
Date: Thu, 6 Nov 2014 09:35:24 -0500
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Nov 06, 2014 at 02:57:07PM +0100, Markus Armbruster wrote:
> Kevin Wolf <address@hidden> writes:
>
> > Am 04.11.2014 um 19:45 hat Markus Armbruster geschrieben:
[...]
> >> I proposed something less radical, namely to keep guessing the image
> >> format, but base the guess on trusted meta-data only: file name and
> >> attributes. Block and character special files are raw. For other
> >> files, find the file name extension, and look up the format claiming it.
> >>
> >> PRO: Plugs the hole.
> >>
> >> CON: Breaks existing usage when the new guess differs from the old
> >> guess. Common usage should be fine:
> >>
> >> * -hda test.qcow2
> >>
> >> Fine as long as test.qcow2 is really QCOW2 (as it should!), and
> >> either specifies a backing format (as it arguably should), or the
> >> backing file name is sane.
> >>
> >> * -hda disk.img
> >>
> >> Fine as long as disk.img is really a disk image (as it should).
> >
> > .img is not as clear, I've seen people using it for other formats. It's
> > still a disk image, but not a raw one.
>
> Is this usage common?
>
More anecdotal data: Like Eric, I have non-raw images using a .img
extension.

Also, ".img" as a generic naming convention is useful enough that some
of our own qemu iotests use it, regardless of format (mainly in block
job Python tests).
[...]
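
The metadata-only guess proposed in the quoted text, set against a content-based guess to list the files where the two disagree, such as the non-raw images named .img mentioned in the reply. This is an added example, not code from the thread or from QEMU; the extension table, the function names and the sample files are assumptions constructed for illustration, and the content check is reduced to the QCOW magic bytes.

```python
import os
import stat
import tempfile

# Assumed extension table for illustration; the thread does not fix one.
EXT_FORMAT = {".qcow2": "qcow2", ".img": "raw", ".raw": "raw"}
QCOW_MAGIC = b"QFI\xfb"  # first four bytes of a QCOW/QCOW2 header

def guess_from_metadata(path):
    """Guess the format from file type and name only; contents are never read."""
    mode = os.stat(path).st_mode
    if stat.S_ISBLK(mode) or stat.S_ISCHR(mode):
        return "raw"  # block and character special files are raw
    ext = os.path.splitext(path)[1].lower()
    return EXT_FORMAT.get(ext)  # None: no format claims this extension

def guess_from_content(path):
    """Content-based guess, reduced here to a QCOW magic check (else raw)."""
    with open(path, "rb") as f:
        return "qcow2" if f.read(4) == QCOW_MAGIC else "raw"

def audit(paths):
    """Return (name, metadata_guess, content_guess) wherever the two differ."""
    report = []
    for p in paths:
        meta, content = guess_from_metadata(p), guess_from_content(p)
        if meta != content:
            report.append((os.path.basename(p), meta, content))
    return report

def demo():
    """Write constructed sample images to a temp dir and audit them."""
    qcow = QCOW_MAGIC + b"\x00\x00\x00\x03" + b"\x00" * 504
    samples = {
        "test.qcow2": qcow,          # name and content agree
        "disk.img": b"\x00" * 512,   # raw image named .img
        "iotest.img": qcow,          # non-raw image named .img
        "data.bin": b"\x00" * 512,   # extension no format claims
    }
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, blob in samples.items():
            paths.append(os.path.join(d, name))
            with open(paths[-1], "wb") as f:
                f.write(blob)
        return audit(paths)

if __name__ == "__main__":
    print(demo())
```

Run over an existing image directory, `audit` gives the list of files whose handling would change under the proposal and that need an explicit format or a rename.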