[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 3.4.1 and QCOW - sparse backing file support gone forever?

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: Martin Troester <TroyMcClure@xxxxxx>
Date: Fri, 25 Sep 2009 23:05:48 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 25 Sep 2009 14:11:14 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Ian,

thanks for giving me some details on a possible change for Xen 3.5.

Ian Jackson wrote:

Martin Troester writes ("[Xen-devel] Xen 3.4.1 and QCOW - sparse backing file 
support gone forever?"):

If that's not in, is there any plan how to deal with scenarios like
mine? Especially, is there way to convert my images to some usable
format for not having to stick to Xen 3.2.1? Or is it just too exotic so
that I throw everything away and think of something else? (I am still
thinking that stacking qcow images is not the most stupid thing to do...)


If it works for you then your system may have a security problem.  I
haven't analysed this use case in detail and it would depend on the
exact structure of your storage.

I think I am still missing the point on the severity of this attack.

Assuming I offer a user a virtual machine with a qcow2 image backed byanother qcow2 image which is ultimately backed by a raw image, how woulda user ever get the possibility to modify the first part of the rawimage to resemble a qcow header? This seems to be the point where I haveproblems following your scenario. From my understanding, the user wouldalways do modifications on the upper layer of the stack of files, onlyreading from below, writing to "his" proper layer. If that was not thecase, he would be able to compromise other layer's data, even withoutthe qcow header vs. raw story, right?

So, how would a user ever get the possibility to write the raw part?Only other option I can think of is giving the user access to the filesthemselves (e.g. via a user account in Dom0, or any other means of fileaccess to that container), but that would be a security issue by itself,even without the whole header discussion, wouldn't it?

I hope I'm not making a fool of myself here, but I thought I'd put mythoughts here to understand where I'm missing the point. If this doesnot belong to this list, I'd be happy to get your answer via private mail.


Thanks for some more hints on this issue!

Kind Regards,
Martin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] Xen 3.4.1 and QCOW - sparse backing file support gone forever?
  - From: Martin Troester
- Re: [Xen-devel] Xen 3.4.1 and QCOW - sparse backing file support gone forever?
  - From: Ian Jackson

Prev by Date: RE: [Xen-devel] Issues with the PCI Passthrough and swiotlb on xen 3.3.1
Next by Date: [Xen-devel] xend fails to start with latest pvops 01423-g697ebdf
Previous by thread: Re: [Xen-devel] Xen 3.4.1 and QCOW - sparse backing file support gone forever?
Next by thread: [Xen-devel] [PATCH PV_OPS] IOMMU interaction fixes.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.