Comment 7 for bug 1524274
Revision history for this message
| Nikola Đipanov (ndipanov) wrote Re: Unprivileged api user can access host data using instance snapshot | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Just for clarity the problematic line for RBD is
https:/
if you look at convert_image method it calls:
https:/
the call to qemu-image convert never gets passed an input file format (-f) which means it tries to guess it from the image.
Other formats Matt mentions call the same method and are exploitable for the same reason.