Yikes. I like the intent, but the idea of a previously just-data file format
suddenly being able to imply "-hdb fat:rw:/home/" does not strike me as a good
one. :/
andrzej zaborowski wrote:
Yes, the file format starting with "#! /path/to/qemu" is a much better
idea...
That should probably be "#!/usr/bin/env qemu", or something similar, if the
intent is that "self-executing" image files are mostly zero-effort portable
across (UNIX-y) host environments.
Anthony Liguori wrote:
The disk image is directly executable and it makes it very clear to the user
that they have to trust the disk image.
Only if qemu only read the embedded arguments in the case where it was executed
as a script interpreter for the image, and/or only if the image's execute bit
is set. In other words, this should prevent embedded arguments from being used:
$ chmod -x dubious-image.qcow2
$ qemu -hda dubious-image.qcow2
This also doesn't apply outside of UNIX-like environments, e.g. Windows; if
someone had told Explorer to launch image files as "qemu.exe -hda (image)"
(which is as close to shebanging a data file as you can really get), this could
really be a nasty surprise.
LionsPhil
