58311904a7
* All "qemu-img info" calls are now run under resource limitations that
limit CPU time to 2 seconds and address space usage to 1 GB. This
helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that it
does not have to be inferred by qemu-img.
SecurityImpact
(Hemanth did all the work on this, I'm just doing the backport.)
Co-authored-by: Hemanth Makkapati <hemanth.makkapati@rackspace.com>
Closes-Bug: #1449062
(cherry picked from commit
|
||
---|---|---|
.. | ||
.placeholder | ||
60fdcaba00e30d02-start-using-reno.yaml | ||
InvalidImageStatusTransition-error-1505474-0d6103c0cacea429.yaml | ||
Prevent-removing-last-image-location-d5ee3e00efe14f34.yaml | ||
add-processlimits-to-qemu-img-c215f5d90f741d8a.yaml | ||
decrease-test-failure-on-second-change-1505675-47281bce0ce14d5a.yaml | ||
disallow-ACTIVE_IMMUTABLE-deactivated-1517060-1517963-bcebdeaa35746e52.yaml | ||
import-translations-df0ac95ed279d68a.yaml | ||
invalid-token-exception-handling-1504184-d06f2828ec7168cd.yaml | ||
move-store-config-in-tests-1522132-aebd1ad1663d5977.yaml | ||
pass-conf-to-logging-1505710-63230c1f4a411313.yaml | ||
stop-id-changes-after-creation-1483353-1483688-ddd3bfd7446de287.yaml | ||
switchclient-to-test-requirements-1512369-1eecc68fbb161251.yaml | ||
updated-requirements-c99564dbd040ae88.yaml |