vhost-user-test uses getpid to create a unique filename. This name is predictable, and a security problem. Instead, use a tmp directory created by mkdtemp, which is a suggested best practice.
Signed-off-by: Michael S. Tsirkin <m...@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> --- tests/vhost-user-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c index 5e63cbc..56df5cc 100644 --- a/tests/vhost-user-test.c +++ b/tests/vhost-user-test.c @@ -330,7 +330,7 @@ int main(int argc, char **argv) root = tmpfs; } - socket_path = g_strdup_printf("/tmp/vhost-%d.sock", getpid()); + socket_path = g_strdup_printf("%s/vhost.sock", tmpfs); /* create char dev and add read handlers */ qemu_add_opts(&qemu_chardev_opts); -- MST
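Review bot: the new socket_path line in main() passes tmpfs to "%s/vhost.sock" with no visible check that tmpfs is non-NULL. The diffstat shows this one line as the whole change, so the fix is only as strong as the earlier code that creates tmpfs. Please confirm that the mkdtemp() result is checked and the test aborts on failure before this line is reached; otherwise the path is built from a bad pointer. The fixed name vhost.sock is fine only because the directory itself is private and unpredictable, which deserves a one-line comment next to the assignment. Two follow-ups that the hunk does not show: teardown has to unlink socket_path before removing the tmpfs directory, since the socket now lives inside it (the context line "root = tmpfs;" shows the same directory can also serve as root), and the combined path should be checked against the size of sockaddr_un.sun_path in case the temporary directory prefix is long.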