[Libguestfs] [PATCH] Add tune2fs support to libguestfs.
Richard W.M. Jones
rjones at redhat.com
Thu Nov 10 14:35:35 UTC 2011
On Thu, Nov 10, 2011 at 01:48:53PM +0000, Mark McLoughlin wrote:
> Thanks for all that Rich. My takeaways are:
>
> 1) The current file injection and disk resizing code in OpenStack
> doesn't provide sufficient protection against the possibility of
> users exploiting vulnerabilities in the kernel or core OS userspace
> utilities.
>
> However, there's no known vulnerability here that needs an urgent
> response (e.g. filing a CVE) - i.e. it's not like the issue with
> using qemu's disk format auto-detection.
>
> 2) Restricting the set of guest filesystems we support would
> eliminate one of the most likely sources of potential
> vulnerabilities.
>
> 3) Using libguestfs (and later, using it over libvirt/svirt) would
> provide much greater protection along with the potential to
> support things like LVM inside guest images.

Agreed.

I looked at their use of qemu / format detection, and it appears safe:
I tried to upload an image with backing file = /etc/passwd. You can
upload such an image to glance. But when you try to attach it to a
guest, any use of backing files is rejected by a correct test in
nova/virt/images.py.

I also looked at whether they pass the correct format field through to
libvirt (and thus to qemu), and they do.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
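
An added example, not part of the original message and not the code in nova/virt/images.py: a sketch of the kind of test described above, reading the qcow2 header and refusing any image that names a backing file. The function names, the `UnsafeImage` exception and the sample images are constructed for illustration; the header layout is the standard qcow2 one.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Start of a qcow2 header, all big-endian:
# magic (4), version (4), backing_file_offset (8), backing_file_size (4)
_HEADER = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # limit given in the qcow2 specification


class UnsafeImage(Exception):
    """Raised when an image must not be attached to a guest (hypothetical name)."""


def backing_file(image: bytes):
    """Return the backing file name recorded in a qcow2 image, or None."""
    if len(image) < _HEADER.size:
        return None
    magic, _version, offset, size = _HEADER.unpack_from(image)
    if magic != QCOW2_MAGIC or offset == 0:
        return None  # not qcow2, or qcow2 without a backing file
    if size == 0 or size > MAX_BACKING_NAME or offset + size > len(image):
        raise UnsafeImage("malformed backing file field")
    return image[offset:offset + size].decode("utf-8", "replace")


def check_image(image: bytes) -> None:
    """Reject any image that references a backing file, whatever it names."""
    name = backing_file(image)
    if name is not None:
        raise UnsafeImage(f"backing file not allowed: {name!r}")


def make_qcow2(backing: bytes = b"") -> bytes:
    """Build a constructed, minimal version 2 header (72 bytes) for the demo."""
    offset = 72 if backing else 0
    header = _HEADER.pack(QCOW2_MAGIC, 2, offset, len(backing))
    return header.ljust(72, b"\0") + backing


if __name__ == "__main__":
    samples = {"plain": make_qcow2(), "backed": make_qcow2(b"/etc/passwd")}
    for label, img in samples.items():
        try:
            check_image(img)
            print(label, "accepted")
        except UnsafeImage as exc:
            print(label, "rejected:", exc)
```

A header check like this only helps if the same explicit format is then passed on to libvirt and qemu, which is the second point checked in the message above.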