[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH] Add tune2fs support to libguestfs.

On Thu, Nov 10, 2011 at 01:48:53PM +0000, Mark McLoughlin wrote:
> Thanks for all that Rich. My takeaways are:
>   1) The current file injection and disk resizing code in OpenStack 
>      doesn't provide sufficient protection against the possibility of
>      users exploiting vulnerabilities in the kernel or core OS userspace
>      utilities.
>      However, there's no known vulnerability here that needs an urgent 
>      response (e.g. filing a CVE) - i.e. it's not like the issue with
>      using qemu's disk format auto-detection.
>   2) Restricting the set of guest filesystems we support would 
>      eliminate one of the most likely sources of potential 
>      vulnerabilities.
>   3) Using libguestfs (and later, using it over libvirt/svirt) would
>      provide much greater protection along with the potential to 
>      support things like LVM inside guest images.


I looked at their use of qemu / format detection, and it appears safe:

I tried to upload an image with backing file = /etc/passwd.  You can
upload such an image to glance.  But when you try to attach it to a
guest, any use of backing files is rejected by a correct test in

I also looked at whether they pass the correct format field through to
libvirt (and thus to qemu), and they do.


Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]