Comment 25 for bug 2071740
Revision history for this message
| Julia Kreger (juliaashleykreger) wrote Re: Hardening: don't run qemu-img with unvalidated image data | #25 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Ack, that is good to know, and realistically since it is just the descriptor file, that might make it on disk, but the machine would never, ever boot. So I guess it is likely okay.
The risk, AIUI, is if you could then snapshot that contents, but even if we had that supported as a thing, it would be in raw format, not as vmdk. So nothing to tickle anything but the raw driver as long as all qemu-img calls have a format defined.