public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [PATCH v2 storage/guest-common/qemu-server 0/3] harden import of file-based volumes
@ 2024-11-04 10:42 Fabian Grünbichler
  2024-11-04 10:42 ` [pve-devel] [PATCH v2 guest-common 1/1] storage tunnel: check just-imported image files Fabian Grünbichler
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2024-11-04 10:42 UTC (permalink / raw)
  To: pve-devel

this series of patches implements additional hardening when copying
potentially untrusted image files:
- extend file_size_info helper which already does most of the work
- add call to check imported volume in remote migration
- add/adapt calls for `import-from` handling in Qemu

these are not problematic at the moment, and these patches just serve as
additional hardening:
- remote migration requires a special privilege, the source must already
  be trusted
- import-from only allows importing volumes already on the storage,
  which are not untrusted but created by PVE itself, or by a user with
  root privileges

the functionality in PVE::Storage should also be used for future
additions where untrusted image files are processed:
- Dominik's OVA import patch series
- arbitrary disk image upload/download features

where not doing such checks might pose a security risk.

v1->v2:
- incorporate Fiona's feedback

pve-guest-common:

Fabian Grünbichler (1):
  storage tunnel: check just-imported image files

 src/PVE/StorageTunnel.pm | 8 ++++++++
 1 file changed, 8 insertions(+)

pve-storage:

Fabian Grünbichler (1):
  file_size_info: implement untrusted mode

 src/PVE/Storage.pm        |  4 ++--
 src/PVE/Storage/Plugin.pm | 36 +++++++++++++++++++++++++++++++-----
 2 files changed, 33 insertions(+), 7 deletions(-)

qemu-server:

Fabian Grünbichler (1):
  disk import: add additional safeguards for imported image files

 PVE/API2/Qemu.pm | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2024-11-14 18:14 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-04 10:42 [pve-devel] [PATCH v2 storage/guest-common/qemu-server 0/3] harden import of file-based volumes Fabian Grünbichler
2024-11-04 10:42 ` [pve-devel] [PATCH v2 guest-common 1/1] storage tunnel: check just-imported image files Fabian Grünbichler
2024-11-04 10:42 ` [pve-devel] [PATCH v2 storage 1/1] file_size_info: implement untrusted mode Fabian Grünbichler
2024-11-07 12:16   ` Fiona Ebner
2024-11-14  9:33   ` Dominik Csapak
2024-11-14 18:14   ` [pve-devel] applied: " Thomas Lamprecht
2024-11-04 10:42 ` [pve-devel] [PATCH v2 qemu-server 1/1] disk import: add additional safeguards for imported image files Fabian Grünbichler
2024-11-14  9:34   ` Dominik Csapak

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal