Am 15.07.2010 14:50, schrieb Anthony Liguori:
> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
> trick the block probing code into accessing arbitrary files in a guest. To
> mitigate this, we added an explicit format parameter to -drive which disabling
> block probi
On 07/15/2010 07:44 AM, Kevin Wolf wrote:
Am 15.07.2010 14:28, schrieb Anthony Liguori:
On 07/15/2010 03:13 AM, Kevin Wolf wrote:
Am 14.07.2010 19:54, schrieb Anthony Liguori:
CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
trick the block prob
Am 15.07.2010 14:28, schrieb Anthony Liguori:
> On 07/15/2010 03:13 AM, Kevin Wolf wrote:
>> Am 14.07.2010 19:54, schrieb Anthony Liguori:
>>
>>> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user
>>> could
>>> trick the block probing code into accessing arbitrary files i
On 07/15/2010 03:13 AM, Kevin Wolf wrote:
Am 14.07.2010 19:54, schrieb Anthony Liguori:
CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
trick the block probing code into accessing arbitrary files in a guest. To
mitigate this, we added an explicit format parame
Am 14.07.2010 19:54, schrieb Anthony Liguori:
> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
> trick the block probing code into accessing arbitrary files in a guest. To
> mitigate this, we added an explicit format parameter to -drive which disabling
> block probi
Am 14.07.2010 19:40, schrieb Anthony Liguori:
> On 07/14/2010 11:42 AM, Kevin Wolf wrote:
>> However, I wonder why you even bother with adjusting buffers and
>> requests and stuff instead of just returning a straight -EIO. Doing so
>> would have the additional advantage that the expectation of the
On 07/14/2010 11:42 AM, Kevin Wolf wrote:
Am 14.07.2010 18:12, schrieb Anthony Liguori:
CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
trick the block probing code into accessing arbitrary files in a guest. To
mitigate this, we added an explicit format parame
Am 14.07.2010 18:12, schrieb Anthony Liguori:
> CVE-2008-2004 described a vulnerability in QEMU whereas a malicious user could
> trick the block probing code into accessing arbitrary files in a guest. To
> mitigate this, we added an explicit format parameter to -drive which disabling
> block probi