qemu-trivial
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-trivial] [PATCH v6 09/10] tcg: check return value of fopen()


From: Richard Henderson
Subject: Re: [Qemu-trivial] [PATCH v6 09/10] tcg: check return value of fopen()
Date: Fri, 15 Aug 2014 06:53:19 -1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.7.0

On 08/15/2014 05:03 AM, Michael Tokarev wrote:
>>>      f = fopen("/tmp/op.log", "w");
> 
> Gosh.  So why are we still use fixed filenames in /tmp?????
> Every such use is a potential security holw... :(  Ughm.
> 
> Can't we get rid of this somehow, by requiring a filename
> parameter for example?

It's in code that isn't compiled in by default.

Better than taking a parameter, or doing something else one-off, I think it'd
be best to dump this to the normal log file.  I.e. use qemu_log instead of 
fprintf.


r~



reply via email to

[Prev in Thread] Current Thread [Next in Thread]