[libvirt] [PATCH v2 REPOST 2/8] Qemu arbitrary command-line arguments.

Chris Lalancette clalance at redhat.com
Fri Jul 2 13:29:00 UTC 2010


On 07/02/10 - 07:06:34AM, Eric Blake wrote:
> On 07/02/2010 07:01 AM, Chris Lalancette wrote:
> >>
> >> Do we need to validate that the resulting name is valid (starts with a
> >> letter, and contains only alphanumeric and _)?  arg and env_value can
> >> obviously be arbitrary strings, but not env_name.
> > 
> > Hm, interesting, I didn't know that rule about environment variable names.
> > That is a good check to make, I'll add it.
> 
> Technically, any string that does not contain = can be inserted as an
> environment name, but then you can't access them from the shell.  So
> it's best to restrict environment names to portable names (basically,
> the same set as shell variable names).

Interesting point.  Since we are directly invoking qemu with execve, in
theory, qemu could access an environment name that doesn't conform to the
shell's rules.  That being said, since many people are invoking qemu through
a shell, I doubt qemu would do something like that.

So what do we think; add the restriction, or no?

> 
> Also, does the .rng relaxed schema have a way to express the limitation
> on valid env_names, for your patch 8/8?

Yeah, there is a way to add patterns to the RNG, if we decide to restrict
the environment variables.

--
Chris Lalancette
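
The two tiers of environment-name validity discussed in this message, as an added example that is not part of the original e-mail or of libvirt's code: any non-empty string without `=` can be passed through execve, while only shell-style names are reachable from a shell. The enum and function names are hypothetical, the sample names in main() are constructed, and accepting a leading underscore follows the shell variable-name rule, which is an assumption here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification, not libvirt's API. */
enum env_name_class {
    ENV_NAME_INVALID = 0, /* empty or contains '=': cannot form NAME=value */
    ENV_NAME_EXEC_ONLY,   /* fine in an execve envp, unreachable from a shell */
    ENV_NAME_PORTABLE     /* shell-style name: [A-Za-z_][A-Za-z0-9_]* */
};

/* Explicit ASCII ranges: isalpha()/isalnum() depend on the locale. */
static int is_name_start(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '_';
}

static int is_name_char(char c)
{
    return is_name_start(c) || (c >= '0' && c <= '9');
}

enum env_name_class classify_env_name(const char *name)
{
    size_t i;

    /* An '=' in the name would shift the name/value split point. */
    if (name == NULL || name[0] == '\0' || strchr(name, '=') != NULL)
        return ENV_NAME_INVALID;
    if (!is_name_start(name[0]))
        return ENV_NAME_EXEC_ONLY;
    for (i = 1; name[i] != '\0'; i++) {
        if (!is_name_char(name[i]))
            return ENV_NAME_EXEC_ONLY;
    }
    return ENV_NAME_PORTABLE;
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "MY_VAR_1", "_x", "1ABC", "my-var", "A=B", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("\"%s\" -> %d\n", samples[i], classify_env_name(samples[i]));
    return 0;
}
```

A caller that adopts the restriction would reject everything except ENV_NAME_PORTABLE; one that does not would reject only ENV_NAME_INVALID.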