Message ID | 1443704057-13873-2-git-send-email-mst@redhat.com |
---|---|
State | New |
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> On Thu, Oct 1, 2015 at 2:54 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > vhost-user-test uses getpid to create a unique filename. This name is > predictable, and a security problem. Instead, use a tmp directory > created by mkdtemp, which is a suggested best practice. > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com> > --- > tests/vhost-user-test.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c > index 5e63cbc..56df5cc 100644 > --- a/tests/vhost-user-test.c > +++ b/tests/vhost-user-test.c > @@ -330,7 +330,7 @@ int main(int argc, char **argv) > root = tmpfs; > } > > - socket_path = g_strdup_printf("/tmp/vhost-%d.sock", getpid()); > + socket_path = g_strdup_printf("%s/vhost.sock", tmpfs); > > /* create char dev and add read handlers */ > qemu_add_opts(&qemu_chardev_opts); > -- > MST > >
diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c index 5e63cbc..56df5cc 100644 --- a/tests/vhost-user-test.c +++ b/tests/vhost-user-test.c @@ -330,7 +330,7 @@ int main(int argc, char **argv) root = tmpfs; } - socket_path = g_strdup_printf("/tmp/vhost-%d.sock", getpid()); + socket_path = g_strdup_printf("%s/vhost.sock", tmpfs); /* create char dev and add read handlers */ qemu_add_opts(&qemu_chardev_opts);
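Review bot: The added line `socket_path = g_strdup_printf("%s/vhost.sock", tmpfs);` uses `tmpfs` unconditionally, but the context just above it (`root = tmpfs; }`) only shows `tmpfs` being read inside a conditional block, and the hunk does not show where it is assigned. Please confirm that `tmpfs` always holds the mkdtemp result by this point, since a NULL or empty value would yield a socket path outside the private directory. Two follow-ups are not visible in this hunk and are worth checking in the rest of the file: the socket file now lives inside that directory, so teardown has to unlink it before the directory itself can be removed, and the combined directory path plus "/vhost.sock" has to fit in the fixed-size `sun_path` of `struct sockaddr_un`.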
vhost-user-test uses getpid to create a unique filename. This name is predictable, and a security problem. Instead, use a tmp directory created by mkdtemp, which is a suggested best practice. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> --- tests/vhost-user-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)