c9c0b1b4b5
When doing a live snapshot, the libvirt driver creates an intermediate
qcow2 file with the same backing file as the original disk. However,
it calls qemu-img info without specifying the input format explicitly.
An authenticated user can write data to a raw disk which will cause
this code to misinterpret the disk as a qcow2 file with a
user-specified backing file on the host, and return an arbitrary host
file as the backing file.
This bug does not appear to result in a data leak in this case, but
this is hard to verify. It certainly results in corrupt output.
Closes-Bug: #1524274
(cherry picked from commit
|
||
---|---|---|
.. | ||
storage | ||
volume | ||
__init__.py | ||
fake_imagebackend.py | ||
fake_libvirt_utils.py | ||
fake_os_brick_connector.py | ||
fakelibvirt.py | ||
test_blockinfo.py | ||
test_compat.py | ||
test_config.py | ||
test_designer.py | ||
test_driver.py | ||
test_fakelibvirt.py | ||
test_firewall.py | ||
test_guest.py | ||
test_host.py | ||
test_imagebackend.py | ||
test_imagecache.py | ||
test_utils.py | ||
test_vif.py |