[Libguestfs] qemu command line quoting (was: Re: [PATCH 0/5] rbd improvements)

On Thu, May 9, 2013 at 12:21 PM, Richard W.M. Jones <rjones(a)redhat.com&gt; wrote: > On Thu, May 09, 2013 at 11:23:55AM -0400, Mike Kelly wrote: >> On Wed, May 8, 2013 at 6:53 AM, Richard W.M. Jones <rjones(a)redhat.com&gt; wrote: >> > One worry I have is whether quoting is required for the server >> > name(s), export name, username and secret. >> >> Well. I think the main things we had to quote were ':' and ';', but >> none of those are valid in a hostname. Username also probably doesn't >> contain anything special, and secret is a base64-encoded string. I >> confirmed that even with the string ending in '==', it was parsed just >> fine by qemu, at least in my limited manual testing. >> >> If you can suggest a way to be more robust this, though, then I can >> try to work that into a future patch series. > > The quoting problem happens when someone writes a program which takes > (eg) a hostname string from the user and passes it unmodified to the > guestfs API. It's an issue if this string can cause unexpected [even > malicious/exploitable] things to happen when passed unquoted on the > qemu command line. Well, I'm not sure if this way of setting things up is still encouraged, but at least this documentation suggests basically using the fact that libvirt won't quote the image name as a "feature": http://ceph.com/w/index.php?title=QEMU-RBD#Caching <disk type='network' device='disk'> <source protocol='rbd' name='poolname/imagename:rbd_cache=1:rbd_cache_size=67108864:rbd_cache_max_dirty=0'/>

<driver name='qemu' type='rbd'/> <target dev='vda' bus='virtio'/> </disk> The more official documentation for configuring caching doesn't seem to make any specific mention of this: http://ceph.com/docs/master/rbd/qemu-rbd/#qemu-cache-options http://ceph.com/docs/master/rbd/libvirt/ http://ceph.com/docs/master/rbd/rbd-config-ref/