[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v3)

2010-07-15 Thread Kevin Wolf
On 15.07.2010 14:50, Anthony Liguori wrote: > CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could > trick the block probing code into accessing arbitrary files in a guest. To > mitigate this, we added an explicit format parameter to -drive which disables > block probi

[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v2)

2010-07-15 Thread Anthony Liguori
On 07/15/2010 07:44 AM, Kevin Wolf wrote: On 15.07.2010 14:28, Anthony Liguori wrote: On 07/15/2010 03:13 AM, Kevin Wolf wrote: On 14.07.2010 19:54, Anthony Liguori wrote: CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could trick the block prob

[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v2)

2010-07-15 Thread Kevin Wolf
On 15.07.2010 14:28, Anthony Liguori wrote: > On 07/15/2010 03:13 AM, Kevin Wolf wrote: >> On 14.07.2010 19:54, Anthony Liguori wrote: >> >>> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user >>> could >>> trick the block probing code into accessing arbitrary files i

[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v2)

2010-07-15 Thread Anthony Liguori
On 07/15/2010 03:13 AM, Kevin Wolf wrote: On 14.07.2010 19:54, Anthony Liguori wrote: CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could trick the block probing code into accessing arbitrary files in a guest. To mitigate this, we added an explicit format parame

[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer (v2)

2010-07-15 Thread Kevin Wolf
On 14.07.2010 19:54, Anthony Liguori wrote: > CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could > trick the block probing code into accessing arbitrary files in a guest. To > mitigate this, we added an explicit format parameter to -drive which disables > block probi

Re: [Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer

2010-07-15 Thread Kevin Wolf
On 14.07.2010 19:40, Anthony Liguori wrote: > On 07/14/2010 11:42 AM, Kevin Wolf wrote: >> However, I wonder why you even bother with adjusting buffers and >> requests and stuff instead of just returning a straight -EIO. Doing so >> would have the additional advantage that the expectation of the

Re: [Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer

2010-07-14 Thread Anthony Liguori
On 07/14/2010 11:42 AM, Kevin Wolf wrote: On 14.07.2010 18:12, Anthony Liguori wrote: CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could trick the block probing code into accessing arbitrary files in a guest. To mitigate this, we added an explicit format parame

[Qemu-devel] Re: [PATCH] Make default invocation of block drivers safer

2010-07-14 Thread Kevin Wolf
On 14.07.2010 18:12, Anthony Liguori wrote: > CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could > trick the block probing code into accessing arbitrary files in a guest. To > mitigate this, we added an explicit format parameter to -drive which disables > block probi