glance

History

Brian Rosmaita 58311904a7 Adding constraints around qemu-img calls * All "qemu-img info" calls are now run under resource limitations that limit CPU time to 2 seconds and address space usage to 1 GB. This helps avoid any DoS attacks via malicious images. * All "qemu-img convert" calls now specify the import format so that it does not have to be inferred by qemu-img. SecurityImpact (Hemanth did all the work on this, I'm just doing the backport.) Co-authored-by: Hemanth Makkapati <hemanth.makkapati@rackspace.com> Closes-Bug: #1449062 (cherry picked from commit `69a9b659fd`) Change-Id: I65f30b85439a8811545b0ca590555528631954df	2016-09-27 16:11:17 -04:00
..
notes	Adding constraints around qemu-img calls	2016-09-27 16:11:17 -04:00
source	add "unreleased" release notes page	2015-11-10 12:19:09 -03:00

Brian Rosmaita 58311904a7 Adding constraints around qemu-img calls

* All "qemu-img info" calls are now run under resource limitations that
  limit CPU time to 2 seconds and address space usage to 1 GB. This
  helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that it
  does not have to be inferred by qemu-img.

SecurityImpact

(Hemanth did all the work on this, I'm just doing the backport.)

Co-authored-by: Hemanth Makkapati <hemanth.makkapati@rackspace.com>
Closes-Bug: #1449062
(cherry picked from commit 69a9b659fd)

Change-Id: I65f30b85439a8811545b0ca590555528631954df

2016-09-27 16:11:17 -04:00

notes Adding constraints around qemu-img calls 2016-09-27 16:11:17 -04:00

source add "unreleased" release notes page 2015-11-10 12:19:09 -03:00