
openstack team mailing list archive

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

 

On Tue, Aug 14, 2012 at 11:30:29AM -0700, Matt Joyce wrote:
> I have to ask.  Wasn't FUSE designed to do a lot of this stuff?  It is
> userspace and it doesn't do nasty stuff to file systems.  Why aren't we
> going that route?

If you read earlier in this thread, you'll see that FUSE is what Nova
already uses, and is why we have this CVE.  From a non-security POV,
FUSE is actually quite inefficient since its operations have to map
strictly to POSIX-compliant filesystem APIs. Using the libguestfs API
directly gives you better performance and more flexible APIs for
accomplishing many tasks.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

