[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Instant Xen guest (guest-magic tool)

On Sat, Apr 14, 2007 at 09:51:42AM -0500, Gaurav Maheshbhai Patel wrote:

> The comment on /tmp/guestmagic was really good.
> I was wondering what if we use /tmp/$$ 
> 
> >     commands.getoutput('xm list > /tmp/$$')
> 
> Is it create the same problem as /tmp/guestmagic?

  Pretty much.  Process IDs are still *predictable* since they
 tend to be sequential under most systems.

  Still this is better than a static name.  You should really
 use a pipe.  If you can't then use a secure filename which
 can't be guessed by a local user.

  This is pretty off-topic for the xen list though, so I'll
 just suggest you look at the Secure Programming Howto:

    http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html

 Specifically the section on temporary files being used in 
 races.

Steve
-- 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.