On 12 September 2011 23:10, Daniel P. Berrange wrote:
> On Wed, Sep 07, 2011 at 03:02:51PM +0100, Eric Blake wrote:
>> On 09/07/2011 11:12 AM, Philipp Hahn wrote:
>> >Hello,
>> >
>> >I just tried the following command with libvirt-0.9.5git:
>> ># virsh snapshot-create "$VM" /dev/stdin
>> ><<<'../
Fair enough.
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Tue, Sep 13, 2011 at 12:43:07AM +1000, dave bl wrote:
> On 12 September 2011 23:10, Daniel P. Berrange wrote:
> > On Wed, Sep 07, 2011 at 03:02:51PM +0100, Eric Blake wrote:
> >> On 09/07/2011 11:12 AM, Philipp Hahn wrote:
> >> >Hello,
> >> >
> >> >I just tried the following command with libvi
On Wed, Sep 07, 2011 at 03:02:51PM +0100, Eric Blake wrote:
> On 09/07/2011 11:12 AM, Philipp Hahn wrote:
> >Hello,
> >
> >I just tried the following command with libvirt-0.9.5git:
> ># virsh snapshot-create "$VM" /dev/stdin
> ><<<'../../../../../../etc/passwd'
> >
> >"Luckily" it adds a .xml suff
Hello Eric,
On Wednesday 07 September 2011 16:02:51 Eric Blake wrote:
> On 09/07/2011 11:12 AM, Philipp Hahn wrote:
> > I just tried the following command with libvirt-0.9.5git:
> > # virsh snapshot-create "$VM" /dev/stdin
> > <<<'../../../../../../etc/passwd >shot>'
> >
> > "Luckily" it adds a .
On 09/07/2011 11:12 AM, Philipp Hahn wrote:
Hello,
I just tried the following command with libvirt-0.9.5git:
# virsh snapshot-create "$VM" /dev/stdin
<<<'../../../../../../etc/passwd'
"Luckily" it adds a .xml suffix, but this still looks like a security problem
to me, because you can overwrite
Hello,
I just tried the following command with libvirt-0.9.5git:
# virsh snapshot-create "$VM" /dev/stdin
<<<'../../../../../../etc/passwd'
"Luckily" it adds a .xml suffix, but this still looks like a security problem
to me, because you can overwrite any .xml-file with libvirt gibberish.
Actu