Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass

from [Eren Türkay] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
From: Eren Türkay <turkay.eren@xxxxxxxxx>
Date: Thu, 8 May 2008 20:12:05 +0300
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 08 May 2008 10:12:54 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date:user-agent:cc:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; bh=b8HRRfcpg7o7Ca5l2PQecuQ8mU5Zhp/Lwzd4LBqUzDE=; b=LbfIw7K0ixWlPqwAR7gcfD4oFLHEPlBF0IQ9KBaBc7PjVMtGD69XyC9QL7tRkAcMxoS337bpgSqh/1XQqWfkYyxaOJbNq3AQQufIL9SJwdAAB+HDPYk7/WFPrOch9esP6sVMLlLYrgt93/DIU0BwK4MGsvA+dNtZT+NsRmM0tno=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:cc:references:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=ORn8GoMAcUsBCCmDCtfyAg6rq52H6+4MdFOwYrnO364gVX63vc+K1SVaa7MQKQYzz7vEhLgL4e/bHm5Qk3PZUUGQiudPPZOLE6v2bwYXZq6z2ebihCNVAH+eN6q39loE2mkT6ELAIrTS7uex16qqFwdNJZwoncFXSTyAh18AaFA=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <18467.12572.126574.502777@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200805081800.24064.turkay.eren@xxxxxxxxx> <18467.12572.126574.502777@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.9 
On 08 May 2008 Thu 19:58:04 Ian Jackson wrote:
> We can add a safety catch so that if what is supposedly a raw image
> looks like a cow disk, we fail, unless the rawness was explicitly
> specified.  So we can avoid data corruption although as far as I can
> see at the moment we have to at least break some existing
> deployments.

Thank you for reply.

Should I file a bug about this situation? I'm looking forward to security fix. 
Btw, KVM also fixed this vulnerability (they just pulled latest qemu code).

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Greater than 16 xvd devices for blkfront, Ian Jackson
Next by Date:  Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass, Daniel P. Berrange
Previous by Thread:  Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass, Ian Jackson
Next by Thread:  Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass, Daniel P. Berrange
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy