[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH 0/5] rbd improvements



On Thu, May 9, 2013 at 12:21 PM, Richard W.M. Jones <rjones redhat com> wrote:
> On Thu, May 09, 2013 at 11:23:55AM -0400, Mike Kelly wrote:
>> On Wed, May 8, 2013 at 6:53 AM, Richard W.M. Jones <rjones redhat com> wrote:
>> > One worry I have is whether quoting is required for the server
>> > name(s), export name, username and secret.
>>
>> Well. I think the main things we had to quote were ':' and ';', but
>> none of those are valid in a hostname. Username also probably doesn't
>> contain anything special, and secret is a base64-encoded string. I
>> confirmed that even with the string ending in '==', it was parsed just
>> fine by qemu, at least in my limited manual testing.
>>
>> If you can suggest a way to be more robust this, though, then I can
>> try to work that into a future patch series.
>
> The quoting problem happens when someone writes a program which takes
> (eg) a hostname string from the user and passes it unmodified to the
> guestfs API.  It's an issue if this string can cause unexpected [even
> malicious/exploitable] things to happen when passed unquoted on the
> qemu command line.

Well, I'm not sure if this way of setting things up is still
encouraged, but at least this documentation suggests basically using
the fact that libvirt won't quote the image name as a "feature":

  http://ceph.com/w/index.php?title=QEMU-RBD#Caching

   <disk type='network' device='disk'>
      <source protocol='rbd'
name='poolname/imagename:rbd_cache=1:rbd_cache_size=67108864:rbd_cache_max_dirty=0'/>
      <driver name='qemu' type='rbd'/>
      <target dev='vda' bus='virtio'/>
    </disk>

The more official documentation for configuring caching doesn't seem
to make any specific mention of this:

  http://ceph.com/docs/master/rbd/qemu-rbd/#qemu-cache-options
  http://ceph.com/docs/master/rbd/libvirt/
  http://ceph.com/docs/master/rbd/rbd-config-ref/

-- 
Mike Kelly


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]