public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH storage/guest-common/qemu-server 0/3] harden import of file-based volumes
@ 2024-08-09 11:22 Fabian Grünbichler
  2024-08-09 11:22 ` [pve-devel] [PATCH guest-common 1/1] storage tunnel: check just-imported image files Fabian Grünbichler
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2024-08-09 11:22 UTC (permalink / raw)
  To: pve-devel

this series of patches implements additional hardening when copying
potentially untrusted image files:
- extend file_size_info helper which already does most of the work
- add call to check imported volume in remote migration
- add/adapt calls for `import-from` handling in Qemu

these are not problematic at the moment, and these patches just serve as
additional hardening:
- remote migration requires a special privilege, the source must already
  be trusted
- import-from only allows importing volumes already on the storage,
  which are not untrusted but created by PVE itself, or by a user with
  root privileges

the functionality in PVE::Storage should also be used for future
additions where untrusted image files are processed:
- Dominik's OVA import patch series
- arbitrary disk image upload/download features

where not doing such checks might pose a security risk.

pve-guest-common:

Fabian Grünbichler (1):
  storage tunnel: check just-imported image files

 src/PVE/StorageTunnel.pm | 7 +++++++
 1 file changed, 7 insertions(+)

pve-storage:

Fabian Grünbichler (1):
  file_size_info: implement untrusted mode

 src/PVE/Storage.pm        |  4 ++--
 src/PVE/Storage/Plugin.pm | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 32 insertions(+), 7 deletions(-)

qemu-server:

Fabian Grünbichler (1):
  disk import: add additional safeguards for imported image files

 PVE/API2/Qemu.pm | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

-- 
2.39.2



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2024-11-04 10:43 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-08-09 11:22 [pve-devel] [PATCH storage/guest-common/qemu-server 0/3] harden import of file-based volumes Fabian Grünbichler
2024-08-09 11:22 ` [pve-devel] [PATCH guest-common 1/1] storage tunnel: check just-imported image files Fabian Grünbichler
2024-09-10 11:33   ` Fiona Ebner
2024-08-09 11:22 ` [pve-devel] [PATCH storage 1/1] file_size_info: implement untrusted mode Fabian Grünbichler
2024-09-10 11:33   ` Fiona Ebner
2024-08-09 11:22 ` [pve-devel] [PATCH qemu-server 1/1] disk import: add additional safeguards for imported image files Fabian Grünbichler
2024-09-10 11:33   ` Fiona Ebner
2024-11-04 10:43 ` [pve-devel] superseded: [PATCH storage/guest-common/qemu-server 0/3] harden import of file-based volumes Fabian Grünbichler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal