On 06/25/2015 07:18 AM, Stefan Hajnoczi wrote:
> On Tue, Jun 23, 2015 at 10:12:15AM +0200, Peter Lieven wrote:
>> upcoming libnfs versions will support logging debug messages. Add
>> support for it in qemu through an URL parameter.
>>
>> Signed-off-by: Peter Lieven <p...@kamp.de>
>> ---
>> block/nfs.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>
> Untrusted users may be able to set these options since they are encoded
> in the URI. I'm imagining a hosting or cloud scenario like OpenStack.
>
> A verbose debug level spams stderr and could consume a lot of disk
> space.
>
> (The uid and gid options are probably okay since the NFS server cannot
> trust the uid/gid coming from QEMU anyway.)
>
> I think we can merge this patch for QEMU 2.4 but I'd like to have a
> discussion about the security risk of encoding libnfs options in the
> URI.
>
> CCed Eric Blake in case libvirt is affected.

Libvirt doesn't (yet) support XML describing debug parameters, and its
current XML does not let the user specify a raw URL, but rather the
individual pieces that libvirt then concatenates into the URL. Basically,
libvirt already uses a structured request, the way we eventually want
working for QMP blockdev-add for NFS images, with all features broken
into individual parameters within the struct rather than a URL.

So from that perspective, I don't think exposing a debug parameter in the
NFS URL will hurt libvirt, but it doesn't answer whether you'd have a
security (log-filling) issue for uses of the URL outside of libvirt.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
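Added example (not part of this thread, and not QEMU or libvirt code): one way a management layer outside libvirt could handle a tenant-supplied NFS URL is to rebuild it from validated pieces, so that a logging option in the query string is never forwarded. The `debug` key name, the allow-list, the level cap and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumptions for this sketch: uid/gid are the options the thread calls
# probably okay; "debug" is the assumed key for the new logging option.
TENANT_ALLOWED = {"uid", "gid"}
OPERATOR_ONLY = {"debug"}
MAX_OPERATOR_DEBUG = 2  # constructed cap, chosen by the operator


class RejectedURL(ValueError):
    """Raised when a tenant-supplied URL carries options it may not set."""


def sanitize_nfs_url(url, operator_debug=None):
    """Rebuild an nfs:// URL from validated pieces.

    Options in the query string are checked against an allow-list after
    percent-decoding; the debug level comes only from operator_debug.
    """
    parts = urlsplit(url)
    if parts.scheme != "nfs" or not parts.hostname or not parts.path:
        raise RejectedURL("expected nfs://host/path")
    if parts.fragment:
        raise RejectedURL("fragment not allowed")
    opts = {}
    # parse_qsl decodes keys, so "de%62ug" is seen as "debug" here.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in OPERATOR_ONLY:
            raise RejectedURL(f"option {key!r} is operator-only")
        if key not in TENANT_ALLOWED:
            raise RejectedURL(f"unknown option {key!r}")
        if key in opts:
            raise RejectedURL(f"duplicate option {key!r}")
        if not (value.isascii() and value.isdigit()):
            raise RejectedURL(f"option {key!r} must be a decimal number")
        opts[key] = value
    if operator_debug is not None:
        if not 0 <= operator_debug <= MAX_OPERATOR_DEBUG:
            raise RejectedURL("debug level above operator cap")
        opts["debug"] = str(operator_debug)
    return urlunsplit(("nfs", parts.netloc, parts.path, urlencode(opts), ""))
```

Rejecting rather than silently dropping a disallowed option keeps the failure visible to whoever submitted the URL.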