On 3/1/21 9:41 AM, Daniel P. Berrangé wrote: > On Mon, Mar 01, 2021 at 03:31:59PM +0000, Stefan Hajnoczi wrote: >> The QMP monitor, NBD server, and vhost-user-blk export all support file >> descriptor passing. This is a useful technique because it allows the >> parent process to spawn and wait for qemu-storage-daemon without busy >> waiting, which may delay startup due to arbitrary sleep() calls. >> >> This Python example is inspired by the test case written for libnbd by >> Richard W.M. Jones <rjo...@redhat.com>: >> https://gitlab.com/nbdkit/libnbd/-/commit/89113f484effb0e6c322314ba75c1cbe07a04543 >> >> Thanks to Daniel P. Berrangé <berra...@redhat.com> for suggestions on >> how to get this working. Now let's document it! >>
>> + sock_path = '/tmp/qmp-{}.sock'.format(os.getpid()) > > Example code inevitably gets cut+paste into real world apps, and this > example is a tmpfile CVE flaw. At least put it in $CWD instead. Except $CWD may be too long for a sock file name to be created. Creating the sock in a securely-created subdirectory of /tmp is more reliable. -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org