Comment 84 for bug 2059809

Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through QCOW2 external data file

OK, so this sounds completely insane. We're going to use the format inspector to check qcow2's for the backing_file and data_file exploits, which we know occur upon image conversion, not image info, but continue to use 'qemu-img info' for every other kind of file, including qcow2's that do *not* have backing_file or data_file issues, but very well could have something else?

What I'm trying to say is that if this LP Bug is addressing the qcow2 data_file issue, the format inspector approach seems to be overkill, and if the LP Bug is supposed to address the issue that OpenStack is using 'qemu-img info' to look at any images at all, then it's not nearly enough. So what exactly are we trying to fix here?