On Mon, Mar 01, 2021 at 09:49:21AM -0600, Eric Blake wrote: > On 3/1/21 9:41 AM, Daniel P. Berrangé wrote: > > On Mon, Mar 01, 2021 at 03:31:59PM +0000, Stefan Hajnoczi wrote: > >> The QMP monitor, NBD server, and vhost-user-blk export all support file > >> descriptor passing. This is a useful technique because it allows the > >> parent process to spawn and wait for qemu-storage-daemon without busy > >> waiting, which may delay startup due to arbitrary sleep() calls. > >> > >> This Python example is inspired by the test case written for libnbd by > >> Richard W.M. Jones <rjo...@redhat.com>: > >> https://gitlab.com/nbdkit/libnbd/-/commit/89113f484effb0e6c322314ba75c1cbe07a04543 > >> > >> Thanks to Daniel P. Berrangé <berra...@redhat.com> for suggestions on > >> how to get this working. Now let's document it! > >> > > >> + sock_path = '/tmp/qmp-{}.sock'.format(os.getpid()) > > > > Example code inevitably gets cut+paste into real world apps, and this > > example is a tmpfile CVE flaw. At least put it in $CWD instead. > > Except $CWD may be too long for a sock file name to be created. > Creating the sock in a securely-created subdirectory of /tmp is more > reliable.
$XDG_RUNTIME_DIR then, which is /run/user/$UID, so safely per user on all modern OS. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
