this series of patches implements additional hardening when copying
potentially untrusted image files:
- extend file_size_info helper which already does most of the work
- add call to check imported volume in remote migration
- add/adapt calls for `import-from` handling in Qemu

these are not problematic at the moment, and these patches just serve as
additional hardening:
- remote migration requires a special privilege, the source must already
  be trusted
- import-from only allows importing volumes already on the storage, which
  are not untrusted but created by PVE itself, or by a user with root
  privileges

the functionality in PVE::Storage should also be used for future additions
where untrusted image files are processed:
- Dominik's OVA import patch series
- arbitrary disk image upload/download features where not doing such
  checks might pose a security risk.

pve-guest-common:

Fabian Grünbichler (1):
  storage tunnel: check just-imported image files

 src/PVE/StorageTunnel.pm | 7 +++++++
 1 file changed, 7 insertions(+)

pve-storage:

Fabian Grünbichler (1):
  file_size_info: implement untrusted mode

 src/PVE/Storage.pm        |  4 ++--
 src/PVE/Storage/Plugin.pm | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 32 insertions(+), 7 deletions(-)

qemu-server:

Fabian Grünbichler (1):
  disk import: add additional safeguards for imported image files

 PVE/API2/Qemu.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

--
2.39.2