qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Image probing: how it can be insecure, and what we coul


From: Jeff Cody
Subject: Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it
Date: Thu, 6 Nov 2014 09:35:24 -0500
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Nov 06, 2014 at 02:57:07PM +0100, Markus Armbruster wrote:
> Kevin Wolf <address@hidden> writes:
> 
> > Am 04.11.2014 um 19:45 hat Markus Armbruster geschrieben:

[...]

> >> I proposed something less radical, namely to keep guessing the image
> >> format, but base the guess on trusted meta-data only: file name and
> >> attributes.  Block and character special files are raw.  For other
> >> files, find the file name extension, and look up the format claiming it.
> >> 
> >> PRO: Plugs the hole.
> >> 
> >> CON: Breaks existing usage when the new guess differs from the old
> >>     guess.  Common usage should be fine:
> >> 
> >>     * -hda test.qcow2
> >> 
> >>       Fine as long as test.qcow2 is really QCOW2 (as it should!), and
> >>       either specifies a backing format (as it arguably should), or the
> >>       backing file name is sane.
> >> 
> >>     * -hda disk.img
> >> 
> >>       Fine as long as disk.img is really a disk image (as it should).
> >
> > .img is not as clear, I've seen people using it for other formats. It's
> > still a disk image, but not a raw one.
> 
> Is this usage common?
> 

More anecdotal data: Like Eric, I have non-raw images using a .img
extension.

Also, ".img" as a generic naming convention is useful enough that some
of our own qemu iotests use it, regardless of format (mainly in block
job python tests)

[...]




reply via email to

[Prev in Thread] Current Thread [Next in Thread]