[pve-devel] superseded: [PATCH storage/guest-common/qemu-server 0/3] harden import of file-based volumes

[Fabian Grünbichler]

v2 sent: https://lore.proxmox.com/pve-devel/20241104104221.228730-1-f.gruenbichler@proxmox.com

On August 9, 2024 1:22 pm, Fabian Grünbichler wrote:
> this series of patches implements additional hardening when copying
> potentially untrusted image files:
> - extend file_size_info helper which already does most of the work
> - add call to check imported volume in remote migration
> - add/adapt calls for `import-from` handling in Qemu
> 
> these are not problematic at the moment, and these patches just serve as
> additional hardening:
> - remote migration requires a special privilege, the source must already
>   be trusted
> - import-from only allows importing volumes already on the storage,
>   which are not untrusted but created by PVE itself, or by a user with
>   root privileges
> 
> the functionality in PVE::Storage should also be used for future
> additions where untrusted image files are processed:
> - Dominik's OVA import patch series
> - arbitrary disk image upload/download features
> 
> where not doing such checks might pose a security risk.
> 
> pve-guest-common:
> 
> Fabian Grünbichler (1):
>   storage tunnel: check just-imported image files
> 
>  src/PVE/StorageTunnel.pm | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> pve-storage:
> 
> Fabian Grünbichler (1):
>   file_size_info: implement untrusted mode
> 
>  src/PVE/Storage.pm        |  4 ++--
>  src/PVE/Storage/Plugin.pm | 35 ++++++++++++++++++++++++++++++-----
>  2 files changed, 32 insertions(+), 7 deletions(-)
> 
> qemu-server:
> 
> Fabian Grünbichler (1):
>   disk import: add additional safeguards for imported image files
> 
>  PVE/API2/Qemu.pm | 15 ++++++++++++---
>  1 file changed, 12 insertions(+), 3 deletions(-)
> 
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>