qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Convert fprintf() to error_request(): virtio-9p

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [PATCH] Convert fprintf() to error_request(): virtio-9p
Date: Wed, 1 Dec 2010 09:35:50 +0000 
On Tue, Nov 30, 2010 at 9:52 AM, Sanchit Garg
<address@hidden> wrote:
> @@ -3707,19 +3708,19 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, 
> V9fsConf *conf)
>         s->ctx.fs_sm = SM_NONE;
>         s->ctx.xops = none_xattr_ops;
>     } else {
> -        fprintf(stderr, "Default to security_model=none. You may want"
> +        error_report("Default to security_model=none. You may want"
>                 " enable advanced security model using "
>                 "security option:\n\t security_model=passthrough \n\t "
> -                "security_model=mapped\n");
> +                "security_model=mapped");
>         s->ctx.fs_sm = SM_NONE;
>         s->ctx.xops = none_xattr_ops;
>     }

It would be safer to avoid embedded \n\t.  Although I can't find
anything prohibiting it in the source, no other place does this.
Program output is easier to handle when constrained to one message per
line.  Security issues arise when unfiltered inputs are logged *and*
linebreaks are allowed because malicious input can inject fake log
lines.  Let's avoid getting into the habit.

Looks good otherwise.

Stefan
reply via email to
[Prev in Thread] Current Thread [Next in Thread]