openstack team mailing list archive

Thread
Date

Is there a security issue with qcow2 images ?

To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: "Day, Phil" <philip.day@xxxxxx>
Date: Wed, 25 Jan 2012 18:11:14 +0000
Accept-language: en-US
Acceptlanguage: en-US
Thread-index: AczbjLmht5+Z2V/LR0qJazJTm7FlEA==
Thread-topic: Is there a security issue with qcow2 images ?

Hi Folks,

I have a half remembered conversation from the Boston summit where someone said that there was a security issue in using qcow2 as a format for creating snapshot images.

Does that ring any bells with anyone, and if so can you expand on the potential issue please ?

I think it was something to do with why base images have to be expanded after download, but I might be wrong on that.   I'm particularly interested in using qcow2 as an upload format for snapshots.

Thanks
Phil

Follow ups

Re: Is there a security issue with qcow2 images ?
From: Blake Yeager, 2012-01-25
Re: Is there a security issue with qcow2 images ?
From: Vishvananda Ishaya, 2012-01-25