xen-devel

Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Mon, 16 Jun 2008 18:37:17 +0200
Cc: Eren Türkay <turkay.eren@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 16 Jun 2008 09:37:48 -0700
In-reply-to: <18518.35502.522506.191854@xxxxxxxxxxxxxxxxxxxxxxxx> (Ian Jackson's message of "Mon, 16 Jun 2008 16:45:50 +0100")
Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> writes:

> Markus Armbruster writes ("Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk 
> Format Security Bypass"):
>> Patch looks sane.  I backported it to F-8 and verified that:
>> 
>> 1. usbdevice = "disk:IMG" opens the image IMG raw regardless of file
>>    contents.  Same for monitor command usb_add disk:IMG.
>> 
>> 2. usbdevice = "disk-qcow:IMG" opens the qcow image IMG correctly.
>>    Same for monitor command usb_add disk-qcow:IMG.
>
> Good, thanks.
>
>> I believe monitor command change is still broken.  I tried "change fda
>> IMG", with a qcow image IMG, and it was opened qcow.  But changing to
>> a raw image failed; I think that feature was broken by your
>> security fix.
>
> Yes, this is expected.  If this is a problem then we need a more
> sophisticated solution.  NB that hopefully xen-unstable will acquire a
> much more recent qemu shortly so there is no need to fix it right now
> for xen-unstable unless it's a big problem which I think it probably
> isn't given how long it's been like this now ...
>
> Ian.

We could plug the hole by forcing raw in do_change_block().
One-liner, minor loss of functionality.  What do you think?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
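
The behaviour verified in the thread, that "disk:IMG" is opened raw regardless of file contents while "disk-qcow:IMG" is opened as qcow, is shown below as an added example; it is not code from the patch or from QEMU. All function and sample names are hypothetical, and the sample bytes are constructed. The check flags an image declared raw whose leading bytes a content-probing opener would read as a qcow header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only; names are hypothetical, not QEMU source. */
enum img_fmt { FMT_RAW, FMT_QCOW };

/* qcow/qcow2 images begin with the magic bytes 'Q' 'F' 'I' 0xfb. */
static const uint8_t QCOW_MAGIC[4] = { 'Q', 'F', 'I', 0xfb };

/* Constructed samples: first bytes of two images that are both configured raw. */
const uint8_t SAMPLE_PLAIN[8]     = { 0xeb, 0x3c, 0x90, 'M', 'S', 'D', 'O', 'S' };
const uint8_t SAMPLE_QCOW_LIKE[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 1 };

/* What a content-probing opener would conclude from the start of the file. */
enum img_fmt probe_format(const uint8_t *hdr, size_t len)
{
    if (len >= sizeof QCOW_MAGIC && memcmp(hdr, QCOW_MAGIC, sizeof QCOW_MAGIC) == 0)
        return FMT_QCOW;
    return FMT_RAW;
}

/* Format taken from the device spec alone, as verified in the thread:
 * "disk:IMG" is raw, "disk-qcow:IMG" is qcow. Returns -1 for other specs. */
int format_from_spec(const char *spec, enum img_fmt *fmt)
{
    if (strncmp(spec, "disk-qcow:", 10) == 0) { *fmt = FMT_QCOW; return 0; }
    if (strncmp(spec, "disk:", 5) == 0)       { *fmt = FMT_RAW;  return 0; }
    return -1;
}

/* Audit check: 1 if an image declared raw holds bytes a prober would read as
 * a qcow header, 0 if not, -1 if the spec is not recognised. */
int raw_image_would_probe_as_qcow(const char *spec, const uint8_t *hdr, size_t len)
{
    enum img_fmt declared;
    if (format_from_spec(spec, &declared) != 0)
        return -1;
    return declared == FMT_RAW && probe_format(hdr, len) == FMT_QCOW;
}

int main(void)
{
    printf("plain:     %d\n", raw_image_would_probe_as_qcow("disk:IMG", SAMPLE_PLAIN, 8));
    printf("qcow-like: %d\n", raw_image_would_probe_as_qcow("disk:IMG", SAMPLE_QCOW_LIKE, 8));
    return 0;
}
```

A result of 1 marks an image where the configured format and a content-based guess disagree, which is the case an opener must resolve in favour of the configured format.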