From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Kemp Subject: Re: Instant Xen guest (guest-magic tool) Date: Sun, 15 Apr 2007 01:19:06 +0100 Message-ID: <20070415001906.GA6757@steve.org.uk> References: <20070411090617.GA24664@steve.org.uk> <20070411224200.GA18960@steve.org.uk> <20070412185212.GA1484@steve.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Gaurav Maheshbhai Patel Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org On Sat, Apr 14, 2007 at 09:51:42AM -0500, Gaurav Maheshbhai Patel wrote: > The comment on /tmp/guestmagic was really good. > I was wondering what if we use /tmp/$$ > > > commands.getoutput('xm list > /tmp/$$') > > Is it create the same problem as /tmp/guestmagic? Pretty much. Process IDs are still *predictable* since they tend to be sequential under most systems. Still this is better than a static name. You should really use a pipe. If you can't then use a secure filename which can't be guessed by a local user. This is pretty off-topic for the xen list though, so I'll just suggest you look at the Secure Programming Howto: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html Specifically the section on temporary files being used in races. Steve --