From 6fdac09370530be0cc6fe9e8d425c0670ba994b1 Mon Sep 17 00:00:00 2001
From: "Michael S. Tsirkin" <mst@redhat.com>
Date: Thu, 1 Oct 2015 15:50:52 +0300
Subject: vhost-user-test: fix predictable filename on tmpfs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

vhost-user-test uses getpid to create a unique filename. This name is
predictable, and a security problem.  Instead, use a tmp directory
created by mkdtemp, which is a suggested best practice.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 tests/vhost-user-test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests')

diff --git a/tests/vhost-user-test.c b/tests/vhost-user-test.c
index 5e63cbc..56df5cc 100644
--- a/tests/vhost-user-test.c
+++ b/tests/vhost-user-test.c
@@ -330,7 +330,7 @@ int main(int argc, char **argv)
         root = tmpfs;
     }
 
-    socket_path = g_strdup_printf("/tmp/vhost-%d.sock", getpid());
+    socket_path = g_strdup_printf("%s/vhost.sock", tmpfs);
 
     /* create char dev and add read handlers */
     qemu_add_opts(&qemu_chardev_opts);
-- 
cgit v1.1