openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15852
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
On Tuesday, August 14, 2012 at 16:41 PM, Matt Joyce wrote:
> I get what you are saying. And for the sake of compatibility with other clouds and their images obviously that's the way to go, but my inner nerd is screaming "Well, about that... " and wanting me to rally people to the idea of putting the logic inside the images rather than inside of the cloud. Let init negotiate the api access and produce the filesystems it needs to get booted up properly.
>
Are we having the same conversation? :-) You were arguing for FUSE, I simply said that particular user-space solution isn't very viable due. Otherwise, I believe you and I agree.
I agree that the the approach being taken here isn't ideal. However, I also advocate that if this path is going to be traveled, it should be done in the safest way possible - in userspace, and write-once-read-never, if at all possible. However, I'm not too confident of libguestfs, but I understand why it is attractive in absence of good userspace filesystem tools. Several have pointed to mtools as one, and I'll also add debug2fs to this list, for those of strong conviction.
Regards,
Eric Windisch
References
-
[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Thierry Carrez, 2012-08-07
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-07
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Michael Still, 2012-08-08
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Pádraig Brady, 2012-08-08
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Michael Still, 2012-08-08
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-08
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Daniel P. Berrange, 2012-08-08
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Richard W.M. Jones, 2012-08-14
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Matt Joyce, 2012-08-14
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-14
-
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Matt Joyce, 2012-08-14