12 Mar
2015
12 Mar
'15
10:02 p.m.
On 03/12/2015 08:23 AM, Daniel P. Berrange wrote:
But if it would satisfy your paranoia, I can certainly add a verification step that the string being returned by qemu resolves to the same inode being tracked by libvirt, at least in the case where the <disk> element resolves to a filename rather than a network disk.
I think it would be desirable, because while your current usage may be safe with these assumptions, if someone refactors this 6 months later they may not realize the security implications of this code.
v2 posted on those grounds. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org