|
From: | zhanghailiang |
Subject: | Re: [Qemu-trivial] [PATCH v6 09/10] tcg: check return value of fopen() |
Date: | Mon, 18 Aug 2014 14:21:32 +0800 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 |
On 2014/8/16 0:53, Richard Henderson wrote:
On 08/15/2014 05:03 AM, Michael Tokarev wrote:f = fopen("/tmp/op.log", "w");Gosh. So why are we still use fixed filenames in /tmp????? Every such use is a potential security holw... :( Ughm. Can't we get rid of this somehow, by requiring a filename parameter for example?It's in code that isn't compiled in by default. Better than taking a parameter, or doing something else one-off, I think it'd be best to dump this to the normal log file. I.e. use qemu_log instead of fprintf.
Hmm, i agreed. I will get rid of this, and use qemu_log instead. Thanks.:)
[Prev in Thread] | Current Thread | [Next in Thread] |