[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass


  • To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
  • From: Eren Türkay <turkay.eren@xxxxxxxxx>
  • Date: Thu, 8 May 2008 20:12:05 +0300
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 08 May 2008 10:12:54 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:cc:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=ORn8GoMAcUsBCCmDCtfyAg6rq52H6+4MdFOwYrnO364gVX63vc+K1SVaa7MQKQYzz7vEhLgL4e/bHm5Qk3PZUUGQiudPPZOLE6v2bwYXZq6z2ebihCNVAH+eN6q39loE2mkT6ELAIrTS7uex16qqFwdNJZwoncFXSTyAh18AaFA=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On 08 May 2008 Thu 19:58:04 Ian Jackson wrote:
> We can add a safety catch so that if what is supposedly a raw image
> looks like a cow disk, we fail, unless the rawness was explicitly
> specified.  So we can avoid data corruption although as far as I can
> see at the moment we have to at least break some existing
> deployments.

Thank you for reply.

Should I file a bug about this situation? I'm looking forward to security fix. 
Btw, KVM also fixed this vulnerability (they just pulled latest qemu code).

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.