[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Image probing: how it can be insecure, and what we coul
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it |
Date: |
Thu, 06 Nov 2014 14:02:18 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 11/06/2014 01:43 PM, Markus Armbruster wrote:
>> Actually, qed requires the backing format to be recorded (it is
>> non-optional) and is therefore immune to probing problems of backing
>> files. That's one thing it got right.
>
> If I read the code correctly:
>
> QED has a feature bit QED_F_BACKING_FORMAT_NO_PROBE.
>
> It is changed when you set the backing file format. Setting format to
> "raw" sets the flag, anything else (including nothing) clears the flag.
> The actual non-raw format is not recorded.
>
> Creating an image counts as setting the backing file format.
>
> If the flag is set, open uses "raw"for the backing file (no probing).
>
> If it's unset, open probes, and the probe may yield "raw".
Eww. Well, looks like a deficiency in the qed spec, and maybe all that
is needed to plug it is:
If the probe yields "raw", refuse to open the backing file (or put
another way, either the probe MUST find a non-raw file, or the user has
a bug that they forgot to set the raw bit so we refuse to open the file
to point out their bug).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/04
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Jeff Cody, 2014/11/04
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/05
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Max Reitz, 2014/11/05
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Kevin Wolf, 2014/11/05
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/06
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Max Reitz, 2014/11/06
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Jeff Cody, 2014/11/06
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Max Reitz, 2014/11/06
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/07
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Max Reitz, 2014/11/07
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/10
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Markus Armbruster, 2014/11/07
- Re: [Qemu-devel] Image probing: how it can be insecure, and what we could do about it, Kevin Wolf, 2014/11/06