Comment 82 for bug 2059809

Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through QCOW2 external data file

@Dan: Looking at comment #64, the recommendation from the QEMU team is "the upshot is that we should generally avoid calling `qemu-img info` on any image files without first confirming that it's safe to do so. The QEMU maintainers do not consider that tool/subcommand safe to run on untrusted inputs, and hardening it to make that possible is probably out of scope from their point of view, so relying on it as our first line of defense merely opens us up to additional risks."

This doesn't say anything about the data file in particular; I took the second paragraph to be Jeremy's comment about this LP bug.

@Jeremy: can you clarify?
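
Added example, not part of the comment above and not code from QEMU or any OpenStack project: one way to confirm an image is safe before `qemu-img info` sees it is to read the fixed QCOW2 header yourself and refuse images that point at other files. It goes slightly beyond the external data file case by also flagging a backing file reference; the function names and the constructed sample headers are assumptions for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
INCOMPAT_EXTERNAL_DATA = 1 << 2   # incompatible_features bit 2 in the QCOW2 spec


def qcow2_precheck(header: bytes) -> list:
    """Return reasons to reject the image; an empty list means no finding."""
    if len(header) < 72 or header[:4] != QCOW2_MAGIC:
        return ["not a complete qcow2 header"]
    # Big-endian fields: version @4, backing_file_offset @8, backing_file_size @16
    version, backing_off, backing_len = struct.unpack_from(">IQI", header, 4)
    if version not in (2, 3):
        return ["unsupported qcow2 version %d" % version]
    reasons = []
    if backing_off != 0 or backing_len != 0:
        reasons.append("backing file reference")
    if version == 3:
        if len(header) < 104:
            return ["truncated version 3 header"]   # fail closed
        (incompat,) = struct.unpack_from(">Q", header, 72)
        if incompat & INCOMPAT_EXTERNAL_DATA:
            reasons.append("external data file")
    return reasons


def build_header(version=3, backing_off=0, backing_len=0, incompat=0) -> bytes:
    """Constructed sample header (not a real image) used to exercise the check."""
    hdr = bytearray(104)
    hdr[:4] = QCOW2_MAGIC
    struct.pack_into(">IQI", hdr, 4, version, backing_off, backing_len)
    struct.pack_into(">Q", hdr, 72, incompat)
    struct.pack_into(">I", hdr, 100, 104)            # header_length
    return bytes(hdr)


if __name__ == "__main__":
    samples = {
        "plain v3": build_header(),
        "external data file": build_header(incompat=INCOMPAT_EXTERNAL_DATA),
        "backing file": build_header(backing_off=0x200, backing_len=11),
        "not qcow2": b"\x00" * 104,
    }
    for name, hdr in samples.items():
        print(name, "->", qcow2_precheck(hdr) or "no finding")
```

The check reads only the first 104 bytes and never follows any path stored in the image; it covers QCOW2 only, so other formats need their own inspection before any tool opens them.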