Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
On Thu, Oct 1, 2015 at 2:54 PM, Michael S. Tsirkin <m...@redhat.com> wrote:
> vhost-user-test uses getpid to create a unique filename. This name is
> predictable, and a security problem. Instead, use a tmp directory
> created by mkdtemp, which is a suggested best practice.
>
> Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
> ---
> tests/vhost-user-test.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
> index 5e63cbc..56df5cc 100644
> --- a/tests/vhost-user-test.c
> +++ b/tests/vhost-user-test.c
> @@ -330,7 +330,7 @@ int main(int argc, char **argv)
> root = tmpfs;
> }
>
> - socket_path = g_strdup_printf("/tmp/vhost-%d.sock", getpid());
> + socket_path = g_strdup_printf("%s/vhost.sock", tmpfs);
>
> /* create char dev and add read handlers */
> qemu_add_opts(&qemu_chardev_opts);
> --
> MST
>
>
--
Marc-André Lureau
