Re: [Xen-devel] [PATCH 2/2] libxl: switch NetBSD image file handling to Qemu

On 30/11/12 09:41, Ian Campbell wrote:
> On Thu, 2012-11-29 at 18:18 +0000, Brian Buhrow wrote:
>> 2.  Examine the file and see if it has a signature for QCOW or QCOW2 format.
>> (How does qemu figure out which it is?  Is it a simple bit of code that
>> could be snagged for re-use?)  Alternatively, check to see if it's a raw
>> image, and, if it is not, call qemu, otherwise, call vnd and use the
>> existing backend  block driver.  
> You should never probe for raw vs qcow (or any other container format)
> in this way.
> Imagine a VM with a "raw" disk. A malicious administrator of this VM
> could write a qcow header to it turning it into a snapshot backed by any
> path they like in dom0 (say /etc/shadow, ssh host keys, etc). Then they
> reboot their guest, the probing determines that it is now a qcow image
> with the given backing file, the VM admin simply reads from the disk to
> get at the dom0 file.
> The format of the image must always be specified by the user.

Yes, this was my bad, qcow or other non raw formats have to be specified
in the configuration file. The only thing we have to decide is whether
we will handle the raw image file using vnd or qemu. See version v2 of
this patch series.

