https://bugzilla.redhat.com/show_bug.cgi?id=871756 Commit cd1e8d1 assumed that systems new enough to have journald also have mkostemp; but this is not true for uclibc. For that matter, use of mkstemp[s] is unsafe in a multi-threaded program. We should prefer mkostemp[s] in the first place. * bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop mkstemp and mkstemps. * cfg.mk (sc_prohibit_mkstemp): New syntax check. * tools/virsh.c (vshEditWriteToTempFile): Adjust caller. * src/qemu/qemu_driver.c (qemuDomainScreenshot) (qemudDomainMemoryPeek): Likewise. * src/secret/secret_driver.c (replaceFile): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
---
 bootstrap.conf | 4 ++--
 cfg.mk | 6 ++++++
 src/qemu/qemu_driver.c | 8 ++++----
 src/secret/secret_driver.c | 4 ++--
 src/vbox/vbox_tmpl.c | 4 ++--
 tools/virsh.c | 2 +-
 6 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index 5d391fd..59dd258 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -69,8 +69,8 @@ listen
 localeconv
 maintainer-makefile
 manywarnings
-mkstemp
-mkstemps
+mkostemp
+mkostemps
 mktempd
 net_if
 netdb
diff --git a/cfg.mk b/cfg.mk
index 50e6a50..cda04e4 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -339,6 +339,12 @@ sc_prohibit_fork_wrappers:
 halt='use virCommand for child processes' \
 $(_sc_search_regexp)
 
+# Prefer mkostemp with O_CLOEXEC.
+sc_prohibit_mkstemp:
+ @prohibit='[^"]\<mkstemps? *\(' \
+ halt='use mkostemp with O_CLOEXEC instead of mkstemp' \
+ $(_sc_search_regexp)
+
 # access with X_OK accepts directories, but we can't exec() those.
 # access with F_OK or R_OK is okay, though.
 sc_prohibit_access_xok:
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3980c10..5baa1e7 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
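Review bot: The `[^"]` at the front of the new `sc_prohibit_mkstemp` pattern has to consume a character, so a call that begins a continuation line at column 0 is not matched; `prohibit='(^|[^"])\<mkstemps? *\('` would close that gap, assuming `_sc_search_regexp` runs an extended regex, which is not visible in this hunk. The rule also bans only the function name, so `mkostemp(tmp, 0)` passes it while still leaving the descriptor inheritable across exec. Extending the comment to `# Prefer mkostemp with O_CLOEXEC; this check does not verify the flag argument.` would make that limit explicit for reviewers.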
@@ -3485,8 +3485,8 @@ qemuDomainScreenshot(virDomainPtr dom,
 goto endjob;
 }
 
- if ((tmp_fd = mkstemp(tmp)) == -1) {
- virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+ if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
+ virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
 goto endjob;
 }
 unlink_tmp = true;
@@ -9230,9 +9230,9 @@ qemudDomainMemoryPeek (virDomainPtr dom,
 }
 
 /* Create a temporary filename. */
- if ((fd = mkstemp (tmp)) == -1) {
+ if ((fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
 virReportSystemError(errno,
- _("mkstemp(\"%s\") failed"), tmp);
+ _("mkostemp(\"%s\") failed"), tmp);
 goto endjob;
 }
 
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 9ce1e33..51e1e46 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -171,9 +171,9 @@ replaceFile(const char *filename, void *data, size_t size)
 virReportOOMError();
 goto cleanup;
 }
- fd = mkstemp (tmp_path);
+ fd = mkostemp(tmp_path, O_CLOEXEC);
 if (fd == -1) {
- virReportSystemError(errno, _("mkstemp('%s') failed"), tmp_path);
+ virReportSystemError(errno, _("mkostemp('%s') failed"), tmp_path);
 goto cleanup;
 }
 if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 32a903e..6f245da 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -9157,8 +9157,8 @@ vboxDomainScreenshot(virDomainPtr dom,
 return NULL;
 }
 
- if ((tmp_fd = mkstemp(tmp)) == -1) {
- virReportSystemError(errno, _("mkstemp(\"%s\") failed"), tmp);
+ if ((tmp_fd = mkostemp(tmp, O_CLOEXEC)) == -1) {
+ virReportSystemError(errno, _("mkostemp(\"%s\") failed"), tmp);
 VIR_FREE(tmp);
 VBOX_RELEASE(machine);
 return NULL;
diff --git a/tools/virsh.c b/tools/virsh.c
index f0ec625..5388c9e 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -565,7 +565,7 @@ vshEditWriteToTempFile(vshControl *ctl, const char *doc)
 vshError(ctl, "%s", _("out of memory"));
 return NULL;
 }
- fd = mkstemps(ret, 4);
+ fd = mkostemps(ret, 4, O_CLOEXEC);
 if (fd == -1) {
 vshError(ctl, _("mkstemps: failed to create temporary file: %s"),
 virStrerror(errno, ebuf, sizeof(ebuf)));
--
1.7.11.7
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
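Review bot: The error text in the failure branch still reads `mkstemps:` although the call directly above it is now `mkostemps`, whereas the other four call sites in this patch had their messages renamed together with the call. Changing the context line to `vshError(ctl, _("mkostemps: failed to create temporary file: %s"),` keeps the reported function name in step with the code, which matters when someone greps a log line back to its source. vshEditWriteToTempFile starts and ends outside the hunk.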