On Sat, Dec 15, 2012 at 9:14 AM, Paolo Bonzini <pbonz...@redhat.com> wrote:
>> > +#define QTEST_FILE_TEMP "/tmp/qtest-%d.sock"
>> > +#define QTEST_QMP_FILE_TEMP "/tmp/qtest-%d.qmp"
>> > +#define QTEST_PID_FILE_TEMP "/tmp/qtest-%d.pid"
>>
>> These filenames are too predictable from a security point of view,
>
> This need not be secure as long as the file is created with 0600
> permissions. In fact, inspecting the pid file from the shell can
> be useful.
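Review bot: all three `QTEST_*_FILE_TEMP` templates derive the file name from nothing but a pid and place it directly in the shared `/tmp`, so the name is guessable before the file exists; the `mkstemp()` route proposed in this thread (a template ending in `XXXXXX`, created with `O_EXCL` and mode 0600) fixes the `.qmp` and `.pid` cases, but `mkstemp()` only creates regular files, so for the `.sock` path (created by `bind()`, not by open) consider a per-run `mkdtemp()` directory and put all three files inside it.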
Permissions do not help at all because the attacker could, for example, target the overwriting of a critical file.

> However, using mkstemp() on a prefix that includes the parent pid
> can indeed be the best of both worlds.

Yes.

> Paolo
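The mkstemp()-on-a-pid-prefix approach agreed on above, written out in C as an added example (this is not code from the QEMU patch under review or from either participant). The directory (`$TMPDIR`, falling back to `/tmp`), the `qtest` prefix and the helper names `make_private_tempfile` / `demo_private_tempfile` are assumptions made for illustration; the point shown is that the random suffix removes the predictability while the file is still created atomically with mode 0600, which is what the 0600 argument in the thread relies on.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build "<dir>/<prefix>-<pid>-XXXXXX" and let mkstemp() replace the XXXXXX
 * with a random suffix while creating the file with O_CREAT|O_EXCL, 0600.
 * Returns the open fd and copies the chosen path into out_path, or -1. */
static int make_private_tempfile(const char *dir, const char *prefix,
                                 char *out_path, size_t out_len)
{
    char tmpl[PATH_MAX];
    int n = snprintf(tmpl, sizeof tmpl, "%s/%s-%d-XXXXXX",
                     dir, prefix, (int)getpid());
    if (n < 0 || (size_t)n >= sizeof tmpl) {
        errno = ENAMETOOLONG;
        return -1;
    }

    int fd = mkstemp(tmpl);          /* atomic create, fails on pre-planted name */
    if (fd < 0)
        return -1;

    /* Older mkstemp() implementations used 0666; pin the mode explicitly and
     * verify through the fd that we hold a fresh, private regular file. */
    struct stat st;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) || (st.st_mode & 0777) != 0600 || st.st_nlink != 1 ||
        strlen(tmpl) + 1 > out_len) {
        int saved = errno ? errno : EPERM;
        close(fd);
        unlink(tmpl);
        errno = saved;
        return -1;
    }
    memcpy(out_path, tmpl, strlen(tmpl) + 1);
    return fd;
}

/* Exercise the helper end to end: create, write, verify, clean up.
 * Returns 1 when every check passes, 0 otherwise. */
int demo_private_tempfile(void)
{
    const char *dir = getenv("TMPDIR");      /* assumption: TMPDIR or /tmp */
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";

    char path[PATH_MAX];
    int fd = make_private_tempfile(dir, "qtest", path, sizeof path);
    if (fd < 0)
        return 0;

    const char payload[] = "12345\n";        /* constructed stand-in for a pid */
    int ok = write(fd, payload, sizeof payload - 1) == (ssize_t)(sizeof payload - 1);

    struct stat st;
    ok = ok && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
    /* The name carries the pid prefix but is no longer "<dir>/qtest-<pid>". */
    ok = ok && strncmp(path, dir, strlen(dir)) == 0 &&
         strstr(path, "/qtest-") != NULL && strstr(path, "XXXXXX") == NULL;

    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    if (!demo_private_tempfile()) {
        perror("private tempfile");
        return 1;
    }
    puts("private temp file created, verified and removed");
    return 0;
}
```

Keeping the pid in the prefix preserves the "inspect from the shell" convenience from the thread (`ls /tmp/qtest-<pid>-*` still finds the file), and the fstat() checks are done on the descriptor rather than the path so that nothing can be swapped underneath between creation and use.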