[libvirt] [PATCH] move ebiptables script out of /tmp

Jamie Strandboge jamie at canonical.com
Wed Jun 16 20:57:50 UTC 2010


On Wed, 2010-06-16 at 14:04 -0600, Eric Blake wrote:
> I'm with Stefan - the whole point of mkstemp is that the created file
> has 0600 permissions, and /tmp is restricted-deletion, so no other user
> can either overwrite the file contents or unlink it and replace it with
> an alternate file.  Then again, gnulib documents that glibc 2.0.7 or
> older would create a file with group/other permissions if the umask
> wasn't set prior to the mkstemp() call, and gnulib's mkstemp() does not
> work around this issue; but that's a rather old version of glibc to be
> worrying about.

This has nothing to do with mkstemp(). As I said, libvirt's use of it is
fine and there is no symlink race or security vulnerability by itself.

The issue is that use of /tmp is not required *and* it becomes difficult
to properly confine libvirtd via a MAC if you must allow execution of
files in /tmp. See my answer to Stefan's question for an example
scenario.

-- 
Jamie Strandboge             | http://www.canonical.com
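The two filesystem properties the quoted reply relies on (mkstemp() returning a 0600 file, and the directory having the restricted-deletion bit) can be checked rather than assumed; the example below is added here and is not code from the libvirt thread or the libvirt tree. Function names are hypothetical, the defensive umask(077) around mkstemp() addresses the old-glibc caveat Eric mentions, and run_scenario() creates its own private directory under a caller-chosen base (e.g. /tmp) so the check also applies to a libvirt-owned directory like the one Jamie proposes instead of /tmp.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create "script-XXXXXX" in `dir` with mkstemp and verify it is 0600 (umask(077)
 * around the call covers the old-glibc caveat from the thread).
 * Returns the open fd and writes the path to `out`, or -1 on failure. */
int create_private_tempfile(const char *dir, char *out, size_t n) {
    char path[PATH_MAX];
    struct stat st;
    snprintf(path, sizeof path, "%s/script-XXXXXX", dir);
    mode_t old = umask(077);
    int fd = mkstemp(path);
    umask(old);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || (st.st_mode & 0777) != 0600) {
        close(fd); unlink(path);
        return -1;
    }
    snprintf(out, n, "%s", path);
    return fd;
}

/* 1 if `dir` has the sticky bit (restricted deletion: only a file's owner,
 * the directory owner or root may unlink or rename it), 0 if not, -1 on error. */
int dir_has_restricted_deletion(const char *dir) {
    struct stat st;
    if (stat(dir, &st) < 0 || !S_ISDIR(st.st_mode)) return -1;
    return (st.st_mode & S_ISVTX) ? 1 : 0;
}

/* Run both checks in a fresh directory under `base`: mkdtemp gives 0700 with no
 * sticky bit, chmod 01700 then adds restricted deletion. 0 on success, else <0. */
int run_scenario(const char *base) {
    char dir[PATH_MAX], path[PATH_MAX];
    snprintf(dir, sizeof dir, "%s/privdir-XXXXXX", base);
    if (!mkdtemp(dir)) return -1;
    int rc = -2, fd = create_private_tempfile(dir, path, sizeof path);
    if (fd >= 0) {
        rc = (dir_has_restricted_deletion(dir) == 0 && chmod(dir, 01700) == 0
              && dir_has_restricted_deletion(dir) == 1) ? 0 : -3;
        close(fd); unlink(path);
    }
    rmdir(dir);  /* clean up; the file was already unlinked */
    return rc;
}
```

Calling dir_has_restricted_deletion("/tmp") directly reports whether the system's /tmp actually carries the sticky bit the thread assumes.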