On 2/24/20 5:01 AM, Peter Krempa wrote:
On Sat, Feb 22, 2020 at 05:23:38 -0600, Eric Blake wrote:
In the past, we have had CVEs caused by qemu probing one image type
when an image started out as another but the guest was able to modify
content. The solution to those CVEs was to encode backing f
On Mon, Feb 24, 2020 at 12:01:45 +0100, Peter Krempa wrote:
> On Sat, Feb 22, 2020 at 05:23:38 -0600, Eric Blake wrote:
[...]
> > libvirt HAS to use blockdev-open on the backing chain and supply a
> > backing format there, and thus has to probe images. If libvirt ever
> > probes differently than
On Sat, Feb 22, 2020 at 05:23:38 -0600, Eric Blake wrote:
> In the past, we have had CVEs caused by qemu probing one image type
> when an image started out as another but the guest was able to modify
> content. The solution to those CVEs was to encode backing format
> information into qcow2, to en
In the past, we have had CVEs caused by qemu probing one image type
when an image started out as another but the guest was able to modify
content. The solution to those CVEs was to encode backing format
information into qcow2, to ensure that once we make a decision, we
don't have to probe any furt
