Comment 30 for bug 1415087
Revision history for this message
| Eric Harney (eharney) wrote Re: Format-guessing and file disclosure in image convert | #30 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I don't think this patch will work reliably. Coding the expected format in the configuration for images coming from Glance doesn't work because because the images could be a number of different formats -- we need to query Glance for that information.
I've taken a look at a different instance of this same issue in this spec [1], which revolves around similar problems guessing formats of volume/snapshot files. It's a different scenario, but the gist of it is, at any point that you are handling an image or file from the "outside", you have to have a separate identifier indicating what format it is in, which isn't the file itself.
For this bug, Glance should be able to tell us that. But coding expected formats in the configuration isn't viable since it restricts us to only one format, and opens up holes such as someone supplying a raw image with a malicious qcow2 header written into it, which is accepted because the configuration by default says that it is qcow2.
[1] https:/