commit 25e761acd56d4c820273fc0245ada06c500c1637
Author: David Ripton <email address hidden>
Date: Tue Jan 28 16:38:51 2014 -0500
Persist image format to a file, to prevent attacks based on changing it
The attack is based on creating a raw image that looks like a qcow2
image, and taking advantage of the code that used 'qemu-img info' to
autodetect the image format.
Now we store the image format to a 'disk.info' file, for Qcow2 and Raw
images, and only autodetect for images that have never been written to
that file.
SecurityImpact
Conflicts:
nova/virt/libvirt/imagebackend.py
Manual tweaks to some mocking in test_imagebackend.py
Change-Id: I2016efdb3f49a44ec4d677ac596eacc97871f30a
Co-authored-by: Nikola Dipanov <email address hidden>
Closes-bug: #1221190
Reviewed: https:/ /review. openstack. org/82841 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=25e761acd56 d4c820273fc0245 ada06c500c1637
Committed: https:/
Submitter: Jenkins
Branch: stable/havana
commit 25e761acd56d4c8 20273fc0245ada0 6c500c1637
Author: David Ripton <email address hidden>
Date: Tue Jan 28 16:38:51 2014 -0500
Persist image format to a file, to prevent attacks based on changing it
The attack is based on creating a raw image that looks like a qcow2
image, and taking advantage of the code that used 'qemu-img info' to
autodetect the image format.
Now we store the image format to a 'disk.info' file, for Qcow2 and Raw
images, and only autodetect for images that have never been written to
that file.
SecurityImpact
Conflicts: virt/libvirt/ imagebackend. py
nova/
Manual tweaks to some mocking in test_imagebacke nd.py
Change-Id: I2016efdb3f49a4 4ec4d677ac596ea cc97871f30a
Co-authored-by: Nikola Dipanov <email address hidden>
Closes-bug: #1221190