[Libguestfs] [PATCH 2/2] builder: consolidate handling of temporary files/dirs
Richard W.M. Jones
rjones at redhat.com
Mon Oct 24 19:06:43 UTC 2016
My only comment on this series is it's hard to understand what
the ?tmpdir parameter actually does without examining the code.
It specifically means that the Curl module writes a security-
sensitive file to this directory (or the global tmpdir), and if
the caller specifies ?tmpdir then it is their responsibility
to remove the tmpdir later -- otherwise the file containing
passwords etc is left around.
Explaining it like that makes me think the deferred unlink when
tmpdir is specified is a mistake. The Curl module should always delete
the file as soon as it can, even though it's not strictly necessary.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
More information about the Libguestfs
mailing list