Persist image format to a file, to prevent attacks based on changing it

The attack is based on creating a raw image that looks like a qcow2 image, and taking advantage of the code that used 'qemu-img info' to autodetect the image format. Now we store the image format to a 'disk.info' file, for Qcow2 and Raw images, and only autodetect for images that have never been written to that file. SecurityImpact Conflicts: nova/virt/libvirt/imagebackend.py Manual tweaks to some mocking in test_imagebackend.py Change-Id: I2016efdb3f49a44ec4d677ac596eacc97871f30a Co-authored-by: Nikola Dipanov <ndipanov@redhat.com> Closes-bug: #1221190
openstack · Mar 27, 2014 · 25e761a · 25e761a
1 parent 53acc09
commit 25e761a
Show file tree

Hide file tree

Showing 6 changed files with 403 additions and 64 deletions.
diff --git a/nova/exception.py b/nova/exception.py
@@ -449,6 +449,14 @@ class InvalidDiskFormat(Invalid):
     msg_fmt = _("Disk format %(disk_format)s is not acceptable")
 
 
+class InvalidDiskInfo(Invalid):
+    msg_fmt = _("Disk info file is invalid: %(reason)s")
+
+
+class DiskInfoReadWriteFail(Invalid):
+    msg_fmt = _("Failed to read or write disk info file: %(reason)s")
+
+
 class ImageUnacceptable(Invalid):
     msg_fmt = _("Image %(image_id)s is unacceptable: %(reason)s")