[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/3] qtest: Enable creation of multiple qemu ins
From: |
Blue Swirl |
Subject: |
Re: [Qemu-devel] [PATCH 1/3] qtest: Enable creation of multiple qemu instances |
Date: |
Sat, 15 Dec 2012 09:20:13 +0000 |
On Sat, Dec 15, 2012 at 9:14 AM, Paolo Bonzini <address@hidden> wrote:
>> > +#define QTEST_FILE_TEMP "/tmp/qtest-%d.sock"
>> > +#define QTEST_QMP_FILE_TEMP "/tmp/qtest-%d.qmp"
>> > +#define QTEST_PID_FILE_TEMP "/tmp/qtest-%d.pid"
>>
>> These filenames are too predictable from security point of view,
>
> This need not be secure as long as the file is created with 0600
> permissions. In fact, inspecting the pid file from the shell can
> be useful.
Permissions do not help at all because the attacker could for example
target overwriting of a critical file.
>
> However, using mkstemp() on a prefix that includes the parent pid
> can indeed be the best of both worlds.
Yes.
>
> Paolo
[Qemu-devel] [PATCH 3/3] qtest: add migrate-test, Jason Baron, 2012/12/13