Comment 159 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

Felix, we can't trust the image metadata (as you highlighted) and we also have been instructed by the qemu team that we really shouldn't be running qemu-img (even in info mode) on untrusted images. They're cooking up a patch for qemu-img to patch this one issue, but there could be other problems in the future.

Sniff-testing the image to see if it claims to be one thing but is actually a legit other format is what qemu-img does (when you don't force it to be treated as something specific), but my code is doing it in a safe way. Thus, I think that's the approach we need to take for the future.

If you mean that nova should be able to record the original intended format of a base image and continue to treat the image as that (i.e. raw even if it smells like a qcow) then I agree, but that's a much larger change.

I'll have a look at the unit tests. I had run them locally but was trying to get something that actually worked here ASAP (which is why I haven't posted backports yet) for testing. Thanks for confirming it works!
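
An added illustration of the kind of header sniff-test discussed in the comment above; it is not the commenter's code or anything from nova. It reads only the fixed qcow2 header fields (offsets per the qcow2 specification), never opens anything the image references, and assumes that content without qcow2 magic is treated as raw. `sniff_image` and `make_header` are hypothetical names, and the sample headers are constructed.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
INCOMPAT_EXTERNAL_DATA = 1 << 2  # incompatible_features bit 2 in the qcow2 spec


def sniff_image(header: bytes, declared_format: str) -> dict:
    """Classify an image from its leading bytes only; nothing it references is opened."""
    reasons = []
    detected = "raw"  # assumption: anything without qcow2 magic is treated as raw
    if header[:4] == QCOW2_MAGIC:
        detected = "qcow2"
        if len(header) < 72:
            reasons.append("truncated qcow2 header")
        else:
            # version (u32 @4), backing_file_offset (u64 @8), backing_file_size (u32 @16)
            version, backing_off, _backing_len = struct.unpack_from(">IQI", header, 4)
            if version not in (2, 3):
                reasons.append(f"unsupported qcow2 version {version}")
            if backing_off != 0:
                reasons.append("backing file reference present")
            if version >= 3:  # feature bitmaps exist only from version 3 on
                if len(header) < 80:
                    reasons.append("truncated v3 header")
                else:
                    (incompat,) = struct.unpack_from(">Q", header, 72)
                    if incompat & INCOMPAT_EXTERNAL_DATA:
                        reasons.append("external data file feature bit set")
    if detected != declared_format:
        reasons.append(f"declared {declared_format} but content is {detected}")
    return {"detected": detected, "accept": not reasons, "reasons": reasons}


def make_header(version=3, backing_off=0, incompat=0) -> bytes:
    """Build a constructed qcow2 header for the demo (not a usable image)."""
    hdr = bytearray(104)
    struct.pack_into(">4sIQI", hdr, 0, QCOW2_MAGIC, version, backing_off, 0)
    struct.pack_into(">Q", hdr, 72, incompat)
    return bytes(hdr)


if __name__ == "__main__":
    samples = {  # constructed inputs: (leading bytes, format claimed in metadata)
        "plain qcow2": (make_header(), "qcow2"),
        "qcow2 with data-file bit": (make_header(incompat=INCOMPAT_EXTERNAL_DATA), "qcow2"),
        "qcow2 uploaded as raw": (make_header(), "raw"),
        "raw bytes": (bytes(512), "raw"),
    }
    for name, (hdr, declared) in samples.items():
        print(name, sniff_image(hdr, declared))
```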