On 10/18/19 4:03 AM, Max Reitz wrote:
-if [ ! -e "$TEST_DIR" ]; then
- mkdir "$TEST_DIR"
+tmp_sock_dir=false
+if [ -z "$SOCK_DIR" ]; then
+ SOCK_DIR=$(mktemp -d)
+ tmp_sock_dir=true
fi
+mkdir -p "$SOCK_DIR" || _init_error 'Failed to create SOCK_DIR'
Thinking about this again: if the user passed in a name, we probably
want to use it no matter whether the directory already exists (mkdir -p
makes sense: either the directory did not exist, or the user is in
charge of passing us a directory that they already secured). But if we
generate our own name in a world-writable location in /tmp, using mkdir
-p means someone else can race us to the creation of the directory, and
potentially populate it in a way to cause us a security hole while we
execute our tests.
I don’t quite see how this is a security hole. mktemp -d creates the
directory, so noone can race us.
Aha - I confused 'mktemp -u' (necessary for creating a socket name) and
'mktemp -d' (for directories). With that confusion cleared up, yes, the
directory is safely created (or else the burden is on the caller), so:
Reviewed-by: Eric Blake <ebl...@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org