On 03/12/2015 08:23 AM, Daniel P. Berrange wrote:
>>
>> But if it would satisfy your paranoia, I can certainly add a
>> verification step that the string being returned by qemu resolves to the
>> same inode being tracked by libvirt, at least in the case where the
>> <disk> element resolves to a filename rather than a network disk.
>
> I think it would be desirable, because while your current usage
> may be safe with these assumptions, if someone refactors this
> 6 months later they may not realize the security implications
> of this code.

v2 posted on those grounds.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
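
The verification step discussed in the message above, as an added example that is not part of the thread, the posted patch or libvirt's code: it checks that a path string reported by a less trusted process resolves to the same device and inode the trusted side already tracks. The function names, the temp-file paths and the assumption that the tracked identity comes from fstat() on an already-open descriptor are all hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* `tracked` is the fstat() result the trusted side recorded from its own open
 * descriptor (an assumption of this sketch). Returns true only if the
 * reported string resolves, symlinks followed, to that same file.
 * Resolution failures count as a mismatch (fail closed). Inode numbers are
 * unique per device only, so st_dev and st_ino are both compared. */
bool reported_path_matches(const char *reported, const struct stat *tracked)
{
    struct stat st;
    if (!reported || !tracked || stat(reported, &st) < 0)
        return false;
    return st.st_dev == tracked->st_dev && st.st_ino == tracked->st_ino;
}

/* Constructed cases on temp files: bit0 same path, bit1 symlink alias,
 * bit2 unrelated file, bit3 missing path. Only bits 0 and 1 should be set. */
int run_constructed_cases(void)
{
    char a[] = "/tmp/trackedXXXXXX", b[] = "/tmp/otherXXXXXX", alias[64];
    struct stat tracked;
    int fa = mkstemp(a), fb = mkstemp(b), r = 0;
    if (fa < 0 || fb < 0 || fstat(fa, &tracked) < 0)
        return -1;
    snprintf(alias, sizeof alias, "%s.lnk", a);
    if (symlink(a, alias) < 0)
        return -1;
    r |= reported_path_matches(a, &tracked) << 0;
    r |= reported_path_matches(alias, &tracked) << 1;
    r |= reported_path_matches(b, &tracked) << 2;
    r |= reported_path_matches("/nonexistent/disk.img", &tracked) << 3;
    unlink(alias);
    unlink(a);
    unlink(b);
    close(fa);
    close(fb);
    return r;
}

int main(void)
{
    printf("match bits: 0x%x\n", run_constructed_cases());
    return 0;
}
```

The comparison only validates the reported string at the moment of the check; anything done with the file afterwards should go through the tracked descriptor rather than reopening the path, since the path can be repointed between check and use.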