Comment 102 for bug 2059809
Revision history for this message
| John Garbutt (johngarbutt) wrote Re: Arbitrary file access through QCOW2 external data file | #102 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Dan, this approach makes sense to me.
One thing I am worried about is that you could claim to have a raw image via Glance, it validates as raw, but its actually a nasty qcow2 or vmdk image? Is that a problem here, I have probably just missunderstood how your patch handles that case?
(Part of me wonders if we need like the opposite of privsep to run some of these validation tools in, like spawn an isolated container to validate these bits. Clearly that isn't for this fix, and probably more effort than its worth, like replacing "sudo" with "podman")