On Fri, Jan 26, 2018 at 03:19:00PM +0100, Adrien Mazarguil wrote:
...
> +static int
> +mlx4_glue_init(void)
> +{
> + char file[] = "/tmp/" MLX4_DRIVER_NAME "_XXXXXX";
> + int fd = mkstemp(file);
...
> + while (off != mlx4_glue_lib_size) {
> + ssize_t ret;
> +
> + ret = write(fd, (const uint8_t *)mlx4_glue_lib + off,
> + mlx4_glue_lib_size - off);
> + if (ret == -1) {
> + if (errno != EINTR) {
> + rte_errno = errno;
> + goto glue_error;
> + }
> + ret = 0;
> + }
> + off += ret;
> + }
> + close(fd);
> + fd = -1;
> + handle = dlopen(file, RTLD_LAZY);
> + unlink(file);
This is a potential security issue. There are no guarantees that the
file dlopen() will open is the file that was just written above. It
could have been changed by something else in between.
Marcelo
