Comment 1 for bug 1015531

Ouch :)

I would not blame the utils.execute() code though, it's a low-level primitive that just does what it's told to do.

The flaw is actually in nova/virt/disk/api.py which does not check that "path" is still within the image mount_dir in inject_files() or _inject_file_into_fs().