Re: [Qemu-trivial] [PATCH] block: Don't forget to delete temporary file
From: Dunrong Huang
Subject: Re: [Qemu-trivial] [PATCH] block: Don't forget to delete temporary file
Date: Thu, 6 Sep 2012 11:47:31 +0800
2012/9/6 Eric Blake <address@hidden>:
> On 09/05/2012 10:23 AM, Paolo Bonzini wrote:
>> And finally, the whole get_tmp_filename is unsafe because there is a
>> race window between closing and reopening the file, if the directory is
>> writable and does not have the sticky bit.
>>
>> So the patch is an improvement, but there is still something unpleasing
>> in this code...
>
> I absolutely agree that there is a nasty race here. If you aren't going
> to use the fd, then mktemp() is sufficient (and just as racy, but then
> you are at least honest that you don't care about the race); in all
Yes, using mktemp() in get_tmp_filename() is OK because we don't
care about the race, but for old gcc versions, e.g. version 4.4, we will get
an annoying unsecure warning, "warning: the use of `mktemp' is
dangerous, better use `mkstemp'",
which breaks the build.
> other situations, if you want a temporary file name but want to avoid a
> race, then it feels like you should be returning the fd from mkstemp()
> still open (or at a bare minimum, auditing ALL callers to make sure they
> only use the temporary name with O_CREAT|O_EXCL, and that they retry in
> a loop in case they lose the race, at which point they are reinventing
> the loop already done on their behalf by mkstemp()...).
>
> --
> Eric Blake address@hidden +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
>
--
Best Regards,
Dunrong Huang