aurel32 1e72d3b7ad add format= to drive options (CVE-2008-2004)
It is possible for a guest with a raw formatted disk image to write a
header to that disk image describing another format (such as qcow2).
Stopping and subsequent restart of the guest will cause qemu to detect
that format, and could allow the guest to read any host file if qemu is
sufficiently privileged (typical in virt environments).

The patch defaults to existing behaviour (probing based on file contents),
so it still requires the mgmt app (e.g. libvirt xml) to pass a new
"format=raw" parameter for raw disk images.

Originally noted by Avi Kivity, patch from Chris Wright.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4277 c046a42c-6fe2-441c-8c8c-71466251a162
2008-04-28 20:26:45 +00:00
audio Typo fix 2008-04-07 19:46:58 +00:00
darwin-user Fix some functions declared () rather than (void) (Ian Jackson) 2008-03-09 06:59:01 +00:00
fpu Assortment of soft-float fixes, by Aurelien Jarno. 2007-12-25 23:59:51 +00:00
hw qemu ppc uic: Order IRQ bit number as described in the UIC documentation. 2008-04-28 00:00:24 +00:00
keymaps find -type f | xargs sed -i 's/[\t ]$//g' # on most files 2007-09-16 21:08:06 +00:00
linux-user Add loop device ioctls (Gary Thomas). 2008-04-26 14:44:49 +00:00
pc-bios BIOS: Reenable processor SSDT generation. Don't advertise ACPI C2 or C3 2008-04-28 08:54:51 +00:00
slirp Treat DNS a special case among special addresses in slirp (Jason Wessel). 2008-04-27 21:45:18 +00:00
target-alpha Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-arm Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-cris Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-i386 Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-m68k Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-mips Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-ppc Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-sh4 Factorize code in translate.c 2008-04-28 00:32:32 +00:00
target-sparc Factorize code in translate.c 2008-04-28 00:32:32 +00:00
tcg HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
tests Remove remaining .cvsignore files 2008-04-03 03:13:16 +00:00
a.out.h 64bit->win32 cross build fix. 2007-03-04 00:52:16 +00:00
aes.c Fix miscellaneous minor things, by Andre Przywara. 2007-12-17 03:15:52 +00:00
aes.h AES crypto support 2004-08-01 21:54:53 +00:00
alpha-dis.c find -type f | xargs sed -i 's/[\t ]$//g' # on most files 2007-09-16 21:08:06 +00:00
alpha.ld alpha support 2003-04-29 20:53:42 +00:00
arm-dis.c Update ARM disassembler. 2007-11-10 17:38:00 +00:00
arm-semi.c Break up vl.h. 2007-11-17 17:14:51 +00:00
arm.ld Rewrite Arm host support. 2006-07-30 19:16:29 +00:00
block_int.h Revert fix for CVE-2008-0928. Will be fixed in a different way later. 2008-03-11 23:30:22 +00:00
block-bochs.c Split block API from vl.h. 2007-11-11 02:51:17 +00:00
block-cloop.c Split block API from vl.h. 2007-11-11 02:51:17 +00:00
block-cow.c Split block API from vl.h. 2007-11-11 02:51:17 +00:00
block-dmg.c Split block API from vl.h. 2007-11-11 02:51:17 +00:00
block-parallels.c Split block API from vl.h. 2007-11-11 02:51:17 +00:00
block-qcow2.c Revert fix for CVE-2008-0928. Will be fixed in a different way later. 2008-03-11 23:30:22 +00:00
block-qcow.c restore rw support for vvfat 2008-03-18 06:52:48 +00:00
block-raw-posix.c restore original values for ai.aio_threads and ai.aio_num 2008-01-06 18:53:07 +00:00
block-raw-win32.c Add "cache" parameter to "-drive" (Laurent Vivier). 2007-12-24 14:33:24 +00:00
block-vmdk.c Revert fix for CVE-2008-0928. Will be fixed in a different way later. 2008-03-11 23:30:22 +00:00
block-vpc.c Fix char* signedness, by Andre Przywara. 2007-12-16 03:16:05 +00:00
block-vvfat.c Fix some functions declared () rather than (void) (Ian Jackson) 2008-03-09 06:59:01 +00:00
block.c unlink the bs from bdrv-list upon bdrv_delete(bs) 2008-04-08 19:51:21 +00:00
block.h Revert fix for CVE-2008-0928. Will be fixed in a different way later. 2008-03-11 23:30:22 +00:00
bswap.h e1000: fix unaligned access 2008-03-28 22:30:48 +00:00
Changelog Update Changelog 2008-04-08 19:51:13 +00:00
check_ops.sh Fixes for s/390 host support, by Bastian Blank. 2007-11-18 21:22:10 +00:00
cocoa.m Let the USB tablet reach the far bottom and right pixels 2008-03-10 19:34:27 +00:00
configure more configure cleanups 2008-04-20 20:19:44 +00:00
console.c Add an ncurses UI. 2008-02-10 16:33:14 +00:00
console.h Add TSC2301 touchscreen & keypad controller. 2008-04-14 21:28:11 +00:00
COPYING distribution patches 2003-03-23 20:17:16 +00:00
COPYING.LIB update 2003-05-25 16:41:52 +00:00
cpu-all.h Use correct types to enable > 2G support, based on a patch from 2008-04-27 21:12:55 +00:00
cpu-defs.h Use correct types to enable > 2G support, based on a patch from 2008-04-27 21:12:55 +00:00
cpu-exec.c x86: Introduce CPU_INTERRUPT_NMI 2008-04-13 16:08:15 +00:00
cris-dis.c CRIS disassembler, originally from binutils, by Edgar E. Iglesias. 2007-10-08 12:45:38 +00:00
curses_keys.h Typo in curses_keys.h. 2008-03-18 06:55:27 +00:00
curses.c The non-ncurses curses doesn't have resize_term, so make resizing conditional. 2008-02-22 18:21:28 +00:00
cutils.c Remove osdep.c/qemu-img code duplication 2008-04-11 21:35:42 +00:00
d3des.c Actually add d3des implementation files. 2007-08-25 02:09:50 +00:00
d3des.h Actually add d3des implementation files. 2007-08-25 02:09:50 +00:00
dis-asm.h HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
disas.c HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
disas.h monitor_disas() prototype change 2005-11-21 23:35:10 +00:00
dyngen-exec.h HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
dyngen.c fix dyngen on HPPA hosts 2008-04-20 20:19:54 +00:00
elf_ops.h Add statics and missing #includes for prototypes. 2007-11-18 01:44:38 +00:00
elf.h Report missing elf_addr_t definition from Linux kernel header 2007-10-07 16:07:25 +00:00
exec-all.h Factorize code in translate.c 2008-04-28 00:32:32 +00:00
exec.c Fix a typo introduced in revision 4272 2008-04-28 08:54:59 +00:00
gdbstub.c Improve readability by moving the continue operation into a separate function. 2008-03-14 06:10:42 +00:00
gdbstub.h Allow gdbstub to connect over any serial device. 2007-02-22 01:48:01 +00:00
host-utils.c Code used by the linux-user targets should not use vl.h. 2007-11-05 13:01:41 +00:00
host-utils.h Code formatting. 2007-12-18 01:58:05 +00:00
hostregs_helper.h Fix 64-bit host register corruption. 2007-02-04 13:37:44 +00:00
hpet.h Add a local copy of hpet.h. 2007-09-16 20:03:23 +00:00
hppa-dis.c HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
hppa.ld HPPA (PA-RISC) host support 2008-04-12 20:14:54 +00:00
i386-dis.c Add statics and missing #includes for prototypes. 2007-11-18 01:44:38 +00:00
i386.ld redhat 9 fix 2003-10-28 00:47:19 +00:00
ia64.ld ia64 host support (David Mosberger) 2005-04-07 22:20:31 +00:00
keymaps.c Miscellaneous VNC related fixes from Xen forwarded by Matthew Kent. 2007-10-30 22:38:53 +00:00
kqemu.c Remove osdep.c/qemu-img code duplication 2008-04-11 21:35:42 +00:00
kqemu.h find -type f | xargs sed -i 's/[\t ]$//g' # on most files 2007-09-16 21:08:06 +00:00
LICENSE use the TCG code generator 2008-02-01 10:50:11 +00:00
loader.c Add statics and missing #includes for prototypes. 2007-11-18 01:44:38 +00:00
m68k-dis.c find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex. 2007-09-17 08:09:54 +00:00
m68k-semi.c Break up vl.h. 2007-11-17 17:14:51 +00:00
m68k.ld m68k host port (Richard Zidlicky) 2003-08-10 22:14:22 +00:00
Makefile Copy Sparc64 firmware when installing (Hervé Poussineau) 2008-04-23 19:38:07 +00:00
Makefile.target ARM: Marvell 88w8618 / MusicPal emulation (Jan Kiszka). 2008-04-24 19:21:53 +00:00
mips-dis.c find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex. 2007-09-17 08:09:54 +00:00
mips.ld Linker scripts for MIPS hosts. 2007-05-05 19:24:38 +00:00
mipsel.ld Linker scripts for MIPS hosts. 2007-05-05 19:24:38 +00:00
monitor.c Add a monitor command to raise NMI 2008-04-27 23:52:12 +00:00
net.h Break up vl.h. 2007-11-17 17:14:51 +00:00
osdep.c Use correct types to enable > 2G support, based on a patch from 2008-04-27 21:12:55 +00:00
osdep.h Remove osdep.c/qemu-img code duplication 2008-04-11 21:35:42 +00:00
ppc-dis.c find -type f | xargs sed -i 's/[\t ]$//g' # on most files 2007-09-16 21:08:06 +00:00
ppc.ld Update ppc.ld to work with newer binutils. 2007-04-28 19:00:30 +00:00
qemu_socket.h Use WIN32_LEAN_AND_MEAN, by Stefan Weil. 2007-12-17 04:42:29 +00:00
qemu-binfmt-conf.sh Code provision for n32/n64 mips userland emulation. Not functional yet. 2007-09-30 01:58:33 +00:00
qemu-char.h Add input buffer to mux chr (patch by Tristan Gingold). 2007-11-25 00:55:06 +00:00
qemu-common.h Remove osdep.c/qemu-img code duplication 2008-04-11 21:35:42 +00:00
qemu-doc.texi add format= to drive options (CVE-2008-2004) 2008-04-28 20:26:45 +00:00
qemu-img.c Remove osdep.c/qemu-img code duplication 2008-04-11 21:35:42 +00:00
qemu-img.texi vmdk compatibility level 6 images, by Soren Hansen. 2007-09-16 21:59:02 +00:00
qemu-tech.texi 128-bit float support for user mode 2007-11-25 18:40:20 +00:00
qemu-timer.h Break up vl.h. 2007-11-17 17:14:51 +00:00
readline.c Handle history additions properly, by Andreas Schwab. 2007-12-17 20:31:43 +00:00
README update 2005-02-10 21:46:47 +00:00
s390-dis.c Revert licensing to "GPLv2 or later", by Ulrich Hecht. 2008-01-17 13:56:59 +00:00
s390.ld update 2003-04-29 21:34:02 +00:00
sdl_keysym.h Windows keys support with keymaps 2005-03-01 21:43:42 +00:00
sdl.c SDL: Fix dead keys 2008-04-13 16:08:37 +00:00
sh4-dis.c find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex. 2007-09-17 08:09:54 +00:00
softmmu_exec.h Replace is_user variable with mmu_idx in softmmu core, 2007-10-14 07:07:08 +00:00
softmmu_header.h use simpler REGPARM convention - make CPUTLBEntry size a power of two 2008-01-31 09:22:27 +00:00
softmmu_template.h use simpler REGPARM convention - make CPUTLBEntry size a power of two 2008-01-31 09:22:27 +00:00
softmmu-semi.h suppressed tgetx and tputx (initial patch by Thayne Harbaugh) 2007-11-16 10:46:05 +00:00
sparc64.ld More detabification 2007-10-06 11:28:21 +00:00
sparc-dis.c More detabification 2007-10-06 11:28:21 +00:00
sparc.ld More detabification 2007-10-06 11:28:21 +00:00
sysemu.h Use correct types to enable > 2G support, based on a patch from 2008-04-27 21:12:55 +00:00
tap-win32.c Use WIN32_LEAN_AND_MEAN, by Stefan Weil. 2007-12-17 04:42:29 +00:00
texi2pod.pl Update texi2pod.pl. 2008-02-04 14:47:49 +00:00
thunk.c Fix attempt to inline recursive functions. 2007-11-19 01:06:24 +00:00
thunk.h Fix attempt to inline recursive functions. 2007-11-19 01:06:24 +00:00
TODO update 2008-02-01 10:03:18 +00:00
translate-all.c Factorize code in translate.c 2008-04-28 00:32:32 +00:00
uboot_image.h Simple u-boot image loading support. 2007-03-06 23:52:01 +00:00
usb-linux.c Add statics and missing #includes for prototypes. 2007-11-18 01:44:38 +00:00
VERSION version change 2008-01-06 17:10:54 +00:00
vgafont.h virtual console 2004-07-14 17:39:50 +00:00
vl.c add format= to drive options (CVE-2008-2004) 2008-04-28 20:26:45 +00:00
vnc_keysym.h Miscellaneous VNC related fixes from Xen forwarded by Matthew Kent. 2007-10-30 22:38:53 +00:00
vnc.c Fix spurious VNC disconnects on Win32 (Hervé Poussineau). 2008-04-24 23:40:55 +00:00
vnchextile.h Fix wrong signedness, by Andre Przywara. 2007-12-16 03:02:09 +00:00
x86_64.ld update 2005-01-06 20:50:00 +00:00
x_keymap.c Add statics and missing #includes for prototypes. 2007-11-18 01:44:38 +00:00

Read the documentation in qemu-doc.html.

Fabrice Bellard.