openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15599
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
On Wed, Aug 08, 2012 at 02:17:30PM +0200, Thierry Carrez wrote:
> Eric Windisch wrote:
> > Unfortunately, this won't be the end of vulnerabilities coming from this "feature".
>
> Indeed. I would like to see evil file injection die, and be replaced by
> cloud-init / config-drive. That's the safest way.
>
> If we can't totally get rid of file injection, I'd like it to be a clear
> second-class citizen that you should enable only if you absolutely need it.
If we used the libguestfs APIs instead of guestmount program, then the
security characteristics of file injection would be pretty much equivalent
to config drive IMHO. In both cases you would be primarily relying on
the containment of the QEMU process for security.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
References