From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marcelo Ricardo Leitner Subject: Re: [PATCH v2 2/4] net/mlx4: spawn rdma-core dependency plug-in Date: Sat, 27 Jan 2018 13:03:06 -0200 Message-ID: <20180127150306.GH3494@localhost.localdomain> References: <20180124223625.1928-1-adrien.mazarguil@6wind.com> <20180126141215.30395-1-adrien.mazarguil@6wind.com> <20180126141215.30395-3-adrien.mazarguil@6wind.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Shahaf Shuler , Nelio Laranjeiro , dev@dpdk.org To: Adrien Mazarguil Return-path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 7E0C41B023 for ; Sat, 27 Jan 2018 16:03:10 +0100 (CET) Content-Disposition: inline In-Reply-To: <20180126141215.30395-3-adrien.mazarguil@6wind.com> List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Fri, Jan 26, 2018 at 03:19:00PM +0100, Adrien Mazarguil wrote: ... > +static int > +mlx4_glue_init(void) > +{ > + char file[] = "/tmp/" MLX4_DRIVER_NAME "_XXXXXX"; > + int fd = mkstemp(file); ... > + while (off != mlx4_glue_lib_size) { > + ssize_t ret; > + > + ret = write(fd, (const uint8_t *)mlx4_glue_lib + off, > + mlx4_glue_lib_size - off); > + if (ret == -1) { > + if (errno != EINTR) { > + rte_errno = errno; > + goto glue_error; > + } > + ret = 0; > + } > + off += ret; > + } > + close(fd); > + fd = -1; > + handle = dlopen(file, RTLD_LAZY); > + unlink(file); This is a potential security issue. There are no guarantees that the file dlopen() will open is the file that was just written above. It could have been changed by something else in between. Marcelo