[pve-devel] [PATCH v2 storage 1/1] file_size_info: implement untrusted mode

Fiona Ebner f.ebner at proxmox.com
Thu Nov 7 13:16:54 CET 2024


On 04.11.24 at 11:42, Fabian Grünbichler wrote:
> this allows checking some extra attributes for images which come from a
> potentially malicious source.
> 
> since file_size_info is not part of the plugin API, no API bump is needed. if
> desired, a similar check could also be implemented in volume_size_info, which
> would entail bumping both APIVER and APIAGE (since the additional parameter
> would make checking untrusted volumes opt-in for external plugins).
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> Reviewed-by: Fiona Ebner <f.ebner at proxmox.com>

Tested-by: Fiona Ebner <f.ebner at proxmox.com>

(FWIW it breaks my directory-based backup provider example in case of
incremental backups, because that relied on qcow2 backing files O:P)

> @@ -975,18 +985,34 @@ sub file_size_info {
>  	warn $err_output;
>      }
>      if (!$json) {
> +    	die "failed to query file information with qemu-img\n" if $untrusted;
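
Review bot: The die message on the added line inside "if (!$json)" identifies neither the image that failed nor why; $err_output is only passed to warn a few lines above, so the exception itself carries no detail. Since untrusted mode turns this condition into a hard failure, consider including the file path in the message so that whoever handles the error can tell which image was rejected.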

git complains about "space before tab" here



