Aha, ok, thanks so much for clarifying, that makes way more sense now!

I was actually wondering if running such conversions inside some kind of namespaces (sandboxing) was raised as an option to isolate conversions from the rest of data and why it was rejected (if it was raised)?


On Sat, Jul 20, 2024, 13:50 <smooney@redhat.com> wrote:
On Fri, 2024-07-19 at 21:44 +0000, Jeremy Stanley wrote:
> On 2024-07-19 23:23:38 +0200 (+0200), Dmitriy Rabotyagov wrote:
> > Wait, I just started realizing the bugfix ..
> >
> > So basically all previously uploaded images not in raw format are
> > useless after upgrading so the safe version of cinder/nova?
> [...]
>
> I'm no expert in Glance matters, but my understanding is that with
> OSSA-2024-001 fixes in place you can't lie about the kind of image
> you're uploading. If you upload QCOW2 you must upload it as QCOW2
> type and not try to pretend that it's a raw image, or upload an ISO
> as ISO type and not try to claim that it's raw. If you want to
> upload a different image type than what the cloud wants you to
> upload, then Glance should still be able to perform image conversion
> for you as well.
>
> Previously, you could pretend a QCOW2 was raw, and then rely on
> QEmu's image auto-detection to figure out what it really was, but
> that's dangerous because QEmu is not intended to be used with
> untrusted images and some specially-crafted images can be used by an
> attacker to get copies of arbitrary files off the server where its
> tools (even the qemu-img executable) are run. Glance now has an image
> inspection feature which doesn't rely on QEmu itself to determine
> whether an image is safe enough to hand off to QEmu tools or might
> be used to root your cloud.

yes the way we mitigated this CVE was by adding logic that allow use to validate the source fromat
matches what it was specified as in glance.

so image conversion is still a thing that you can do
nova for example still allow you to configre the comptue hosts to use raw or qcow images
and you can then boot a vm form any format qemu can convert form provided you uploaded it to glance and declard the
format correctly

we have ci converge ensuring you can boot form a amazon ami image the cirros uec images
with nova configured to use qcow for the guest vm root disk.


all of that still works but if you upload a qcow as a raw image to glance
then nova and cinder will say "no you said this was raw this is unsafe" and refues to proceed.

we are currently missing that for iso format but its on our todo list to build out more tempest
coverage for image formats that are reasonable to use.

its still possible to have the old conversion behavior provided you dont lie about the format
when uploading it to glance. we also do other check to introspect the format for unsafe features.
for qcow backing files are an example of a generally unsafe feature.

qcow image used with openstack should be single file flat images with no refernce to backing files
or other external files.