[openstack-dev] [nova][libvirt] Should file injection work for boot from volume images?

Daniel P. Berrange berrange at redhat.com
Wed Sep 25 10:16:58 UTC 2013


On Wed, Sep 25, 2013 at 12:02:03PM +0200, Thierry Carrez wrote:
> Christopher Yeoh wrote:
> > On Mon, Sep 23, 2013 at 10:56 PM, Russell Bryant <rbryant at redhat.com> wrote:
> >     I agree with Monty and Thierry that ideally file injection should DIAF
> >     everywhere.  On that note, have we done anything with that in the v3
> >     API?  I propose we remove it completely.
> > 
> > It was separated from core as the os-personalities extension. So it's very
> > easy to drop completely from the V3 API if we want to. Do you want me to
> > submit a changeset to do this now (given the feature freeze) or wait
> > until icehouse?
> 
> I actually would like to have a discussion at next summit of how to
> bring Nova's security to the next step. This will involve getting rid of
> risky operations when they are not so needed (like injecting files into
> mounted image filesystems), but we need to have an overall view (no
> point in removing that specific weak chain link if another remains as
> weak) to see where we can actually improve things significantly.

NB file injection is only insecure if you're using the impl that mounts
stuff on the host. The libguestfs impl of file injection is doing all
its work inside a single use, throwaway VM instance to confine any
possible exploits.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


