Comment 38 for bug 1415087
Revision history for this message
| Bastian Blank (waldi) wrote Re: [Bug 1415087] Re: Format-guessing and file disclosure in image convert | #38 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On Wed, Apr 01, 2015 at 10:00:13AM -0000, Duncan Thomas wrote:
> Bastian: The problem is, in a few cases, we don't know the storage
> format for sure. For filesystem based starge, nova can and does change
> the format during certain operations, without telling cinder.
This are "few cases". So you can fix the known cases, properly document
the cases where you may not know. But I want to have some informations:
- the code location of this stabbing cinder in the back and
- the db location nova itself stores this information (or does it always
fall back to sniffing, which means all qemu calls needs to be audited
as well).
> This is
> something we're working on fixing, and I agree it is a better fix, but
> it isn't going to be quick or simple.
So fix the locations that are easy and properly set the type to
undefined if you don't know. I don't really think lvm/iscsi backed
volumes will be changed in this way.
It's been over two months now without any real progress. Now you claim
it can't be fixed, only worked around. So I don't consider waiting any
longer will help and think about publishing this issue after easter.
So, if there have been CVE assigned please document them, otherwise I
will take care of that.
Regards,
Bastian
--
Most legends have their basis in facts.
-- Kirk, "And The Children Shall Lead", stardate 5029.5