From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gaurav Maheshbhai Patel Subject: Re: Instant Xen guest (guest-magic tool) Date: Sun, 15 Apr 2007 05:59:47 -0500 Message-ID: References: <20070411090617.GA24664@steve.org.uk> <20070411224200.GA18960@steve.org.uk> <20070412185212.GA1484@steve.org.uk> <20070415001906.GA6757@steve.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7BIT Return-path: In-reply-to: <20070415001906.GA6757@steve.org.uk> Content-language: en Content-disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Thankyou very much steve, Its very helpful. Gaurav ----- Original Message ----- From: Steve Kemp Date: Saturday, April 14, 2007 7:19 pm Subject: Re: [Xen-devel] Instant Xen guest (guest-magic tool) To: Gaurav Maheshbhai Patel Cc: xen-devel@lists.xensource.com > On Sat, Apr 14, 2007 at 09:51:42AM -0500, Gaurav Maheshbhai Patel > wrote: > > The comment on /tmp/guestmagic was really good. > > I was wondering what if we use /tmp/$$ > > > > > commands.getoutput('xm list > /tmp/$$') > > > > Is it create the same problem as /tmp/guestmagic? > > Pretty much. Process IDs are still *predictable* since they > tend to be sequential under most systems. > > Still this is better than a static name. You should really > use a pipe. If you can't then use a secure filename which > can't be guessed by a local user. > > This is pretty off-topic for the xen list though, so I'll > just suggest you look at the Secure Programming Howto: > > http://www.dwheeler.com/secure-programs/Secure-Programs- > HOWTO/index.html > Specifically the section on temporary files being used in > races. > > Steve > -- >