On 26/01/16 09:11 +0000, Daniel P. Berrange wrote:
On Sun, Jan 24, 2016 at 12:00:16AM +0200, Duncan Thomas wrote:I guess my wisdom would be 'why'? What does this enable you to do that you couldn't do with similar ease with the formats we have and are people trying to do that frequently.We've seen in cinder that image formats have a definite security surface to them, and with glance adding arbitrary conversion pipelines, that surface is going to increase with every format we add. This should mean we tend towards being increasingly conservative I think.Safely extracting tar file contents to create a disk image to run the VM from is particularly non-trivial. There have been many security flaws in the past with apps doing tar file unpacking in this kind of scenario. For example, Docker has had not one, but *three* vulnerabilities in this area CVE-2014-6407, CVE-2014-9356, and CVE-2014-9357. So unless there is a pretty compelling reason, I'd suggest we stay away from supporting tar as an image format, and require traditional image formats where we we can treat the file payload as an opaque blob and thus avoid all these file processing risks.
++ From a Glance perspective, there wouldn't be much to do and most of the security issues would live in the Ironic side. However, as a community, I think we should send a clear message and protect our users and, in this case, the best way is to avoid adding this format as supported. In future works (image conversions and whatnot) this could impact Glance as well. Cheers, Flavio
Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-- @flaper87 Flavio Percoco
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
