libvirt: Remove predictable named file in /tmp #169
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly addresses a security vulnerability by replacing a predictably named temporary file in /tmp with a securely generated one using tempfile::NamedTempFile. This prevents potential TOCTOU race condition attacks. The change is well-implemented and improves the security of the application.
While reviewing, I noticed another instance of this vulnerability in the same file that was not addressed. In the ensure_default_pool function (line 637 of crates/kit/src/libvirt/run.rs), the file /tmp/default-pool.xml is created with a hardcoded, predictable path. This presents the same security risk that this PR aims to fix. It is recommended to also update this to use tempfile::NamedTempFile to fully resolve the security issue of using predictable file names in /tmp.
This one shouldn't have gotten through code review, I noticed it when debugging something else. Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
force-pushed
the
fix-predictable-tmp
branch
from
ba43ff0 to
a30e23b
Compare
2 participants
This one shouldn't have gotten through code review, I noticed it when debugging something else.