Comment 55 for bug 2059809

Brian Rosmaita (brian-rosmaita) wrote : Re: Arbitrary file access through QCOW2 external data file

@Martin, thanks for the explanation in comment #50. I have a few questions.

1. About the use of the nbd server in your POC ... is that necessary for this exploit to work, or is it just a convenient way to exfiltrate data in the case where file-1 wins the quorum, and the content of file-1 is written out to the second file via nbd?

2. Related ... could you do this quorum attack with just 2 files, and, e.g., overwrite /etc/shadow with /etc/group or something like that?

3. Do I understand correctly that the rewrite-corrupted happens on the 'qemu-img info' call, that you don't have to actually use the image in some way first?