Re: [Xen-devel] Instant Xen guest (guest-magic tool)

[Steve Kemp <steve@xxxxxxxxxxxx>]

On Tue, Apr 10, 2007 at 09:51:46PM -0500, Gaurav Maheshbhai Patel wrote:

> Give new guest domain name and memory. You Are Done!!!!!!!!!!!!!!! 
> We also successfully released it on sourceforge.net. 

> This is our first release. And development is in progress.
> Comments and suggestion is HIGHLY appriciated.

  Just two quick comments.

  Firstly it doesn't seem to do everything, just create an LVM volume
 and the configuration file.  I was hoping it would install fresh
 copies of Fedora/Debian/Gentoo/etc.

  Secondly you shouldn't really be using /tmp in the way that you
 are.  This is very dangerous:

        commands.getoutput('xm list > /tmp/guestmagic')

  "xm" has to be run as root, so what you're doing is writing the
 output of a command, as root, into a file in /tmp which anybody
 else upon the system might have created.

  Consider what happens if userA were to run:

        ln -s /tmp/guestmagic /etc/passwd

  The next time you run your application the password file would
 be trashed!

  I'd suggest you either use a pipe, or a secure *unpredictable*
 filename instead.

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel