On Mon, Aug 16, 2021 at 01:50:46PM -0500, Eric Blake wrote:
> https://nostarttls.secvuln.info/ pointed out a common implementation
> flaw in various SMTP and IMAP servers with regards to improperly
> caching plaintext state across the STARTTLS encryption boundary. It
> turns out that nbdkit has
On Mon, Aug 16, 2021 at 01:02:55PM -0500, Eric Blake wrote:
> On Mon, Aug 16, 2021 at 05:31:10PM +0200, Wouter Verhelst wrote:
>
> > > +++ b/doc/proto.md
> > > @@ -1165,6 +1165,14 @@ of the newstyle negotiation.
> > > permitted by this document (for example, `NBD_REP_ERR_INVALID` if
> > >
https://nostarttls.secvuln.info/ pointed out a common implementation
flaw in various SMTP and IMAP servers with regards to improperly
caching plaintext state across the STARTTLS encryption boundary. It
turns out that nbdkit has the same vulnerability in regards to the NBD
protocol: an attacker is
Using OPT_SET_META_CONTEXTS is stateful (it is documented to wipe out
any previously-requested contexts, and we just tightened the spec to
clarify that starting TLS also wipes it out). But
OPT_LIST_META_CONTEXTS is not stateful; and in fact, with a
SELECTIVETLS server, it can be handy to list the
Consider a SELECTIVETLS server and a MitM attacker, under the
following NBD_OPT_ handshake scenario:
client: mitm: server:
> _STARTTLS
> _STRUCTURED_REPLY
< _REP_ACK
On Mon, Aug 16, 2021 at 05:31:10PM +0200, Wouter Verhelst wrote:
> > +++ b/doc/proto.md
> > @@ -1165,6 +1165,14 @@ of the newstyle negotiation.
> > permitted by this document (for example, `NBD_REP_ERR_INVALID` if
> > the client included data).
> >
> > +When this command succeeds,
On Mon, Aug 16, 2021 at 12:38:39PM -0500, Eric Blake wrote:
> QEMU 6.1 and earlier default qemu-img to --cache=writeback, but
> qemu-nbd to --cache=writethrough, which is inherently slower because
> it requires more flushing. Although qemu 6.2 will probably be
> changing the default of qemu-nbd
QEMU 6.1 and earlier default qemu-img to --cache=writeback, but
qemu-nbd to --cache=writethrough, which is inherently slower because
it requires more flushing. Although qemu 6.2 will probably be
changing the default of qemu-nbd for consistency, in the meantime we
can be explicit in our choice for
On Thu, Aug 12, 2021 at 09:39:24AM -0500, Eric Blake wrote:
> On Tue, Aug 10, 2021 at 01:08:59PM -0500, Eric Blake wrote:
> > Especially useful in light of the recent publishing of
> > https://nostarttls.secvuln.info/, which documents a variety of
> > implementations vulnerable to downgrade
On Thu, Aug 12, 2021 at 10:20:40AM -0500, Eric Blake wrote:
> Consider a SELECTIVETLS server and a MitM attacker, under the
> following NBD_OPT_ handshake scenario:
>
> client: mitm: server:
> > _STARTTLS
> > _SET_META_CONTEXT("A")
>
On Wed, Aug 11, 2021 at 01:21:18AM -0700, braindevices wrote:
> If I understood correctly, libguestfs actually starts a qemu vm under the
> hood. When I call guestunmount it unmounts the image then shuts down the vm.
> However, if I do this programmatically, commonly it will fail due to the vm is
>