Re: [Libguestfs] [nbdkit PATCH] server: CVE-2021-???? reset structured replies on starttls

2021-08-16 Thread Richard W.M. Jones
On Mon, Aug 16, 2021 at 01:50:46PM -0500, Eric Blake wrote: > https://nostarttls.secvuln.info/ pointed out a common implementation > flaw in various SMTP and IMAP servers with regards to improperly > caching plaintext state across the STARTTLS encryption boundary. It > turns out that nbdkit has

Re: [Libguestfs] [PATCH] spec: Clarify STARTTLS vs. SET_META_CONTEXT interaction

2021-08-16 Thread Wouter Verhelst
On Mon, Aug 16, 2021 at 01:02:55PM -0500, Eric Blake wrote: > On Mon, Aug 16, 2021 at 05:31:10PM +0200, Wouter Verhelst wrote: > > > > +++ b/doc/proto.md > > > @@ -1165,6 +1165,14 @@ of the newstyle negotiation. > > > permitted by this document (for example, `NBD_REP_ERR_INVALID` if > > >

[Libguestfs] [nbdkit PATCH] server: CVE-2021-???? reset structured replies on starttls

2021-08-16 Thread Eric Blake
https://nostarttls.secvuln.info/ pointed out a common implementation flaw in various SMTP and IMAP servers with regards to improperly caching plaintext state across the STARTTLS encryption boundary. It turns out that nbdkit has the same vulnerability in regards to the NBD protocol: an attacker is

[Libguestfs] [PATCH] spec: Relax NBD_OPT_LIST_META_CONTEXTS

2021-08-16 Thread Eric Blake
Using OPT_SET_META_CONTEXTS is stateful (it is documented to wipe out any previously-requested contexts, and we just tightened the spec to clarify that starting TLS also wipes it out). But OPT_LIST_META_CONTEXTS is not stateful; and in fact, with a SELECTIVETLS server, it can be handy to list the

[Libguestfs] [PATCH] spec: Clarify STARTTLS vs. STRUCTURED_REPLY

2021-08-16 Thread Eric Blake
Consider a SELECTIVETLS server and a MitM attacker, under the following NBD_OPT_ handshake scenario: client: mitm:server: > _STARTTLS > _STRUCTURED_REPLY < _REP_ACK

Re: [Libguestfs] [PATCH] spec: Clarify STARTTLS vs. SET_META_CONTEXT interaction

2021-08-16 Thread Eric Blake
On Mon, Aug 16, 2021 at 05:31:10PM +0200, Wouter Verhelst wrote: > > +++ b/doc/proto.md > > @@ -1165,6 +1165,14 @@ of the newstyle negotiation. > > permitted by this document (for example, `NBD_REP_ERR_INVALID` if > > the client included data). > > > > +When this command succeeds,

Re: [Libguestfs] [libnbd PATCH] tests: Prefer qemu-nbd --cache=writeback

2021-08-16 Thread Richard W.M. Jones
On Mon, Aug 16, 2021 at 12:38:39PM -0500, Eric Blake wrote: > QEMU 6.1 and earlier default qemu-img to --cache=writeback, but > qemu-nbd to --cache=writethrough, which is inherently slower because > it requires more flushing. Although qemu 6.2 will probably be > changing the default of qemu-nbd

[Libguestfs] [libnbd PATCH] tests: Prefer qemu-nbd --cache=writeback

2021-08-16 Thread Eric Blake
QEMU 6.1 and earlier default qemu-img to --cache=writeback, but qemu-nbd to --cache=writethrough, which is inherently slower because it requires more flushing. Although qemu 6.2 will probably be changing the default of qemu-nbd for consistency, in the meantime we can be explicit in our choice for

Re: [Libguestfs] [PATCH] docs: Link to protocol security considerations in uri docs

2021-08-16 Thread Wouter Verhelst
On Thu, Aug 12, 2021 at 09:39:24AM -0500, Eric Blake wrote: > On Tue, Aug 10, 2021 at 01:08:59PM -0500, Eric Blake wrote: > > Especially useful in light of the recent publishing of > > https://nostarttls.secvuln.info/, which documents a variety of > > implementations vulnerable to downgrade

Re: [Libguestfs] [PATCH] spec: Clarify STARTTLS vs. SET_META_CONTEXT interaction

2021-08-16 Thread Wouter Verhelst
On Thu, Aug 12, 2021 at 10:20:40AM -0500, Eric Blake wrote: > Consider a SELECTIVETLS server and a MitM attacker, under the > following NBD_OPT_ handshake scenario: > > client: mitm:server: > > _STARTTLS > > _SET_META_CONTEXT("A") >

Re: [Libguestfs] [libguestfs/libguestfs] guestunmount should not return before the image can be used by other vm (#70)

2021-08-16 Thread Richard W.M. Jones
On Wed, Aug 11, 2021 at 01:21:18AM -0700, braindevices wrote: > If I understood correctly, the libguestfs actually starts a qemu vm under the > hood. When I call guestunmount it unmounts the image then shuts down the vm. > However, if I do this programmatically, commonly it will fail due to the vm is >