On 09/12/2017 09:44 AM, Paolo Bonzini wrote: > The variable is used in "common" but defined only after the file > is sourced. > > Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> > --- > tests/qemu-iotests/check | 2 -- > tests/qemu-iotests/common | 2 ++ > 2 files changed, 2 insertions(+), 2 deletions(-) >
Reviewed-by: Eric Blake <ebl...@redhat.com>
> +tmp="${TEST_DIR}"/$$
Pre-existing to your code motion, but would we be any safer if $tmp also
included a use of $RANDOM? (The $$ already protects us from collisions
with a parallel run, but it is easy to guess, so if $tmp is used to
create any file that an attacker can access, running the testsuite may
expose a machine to a symlink or other attack - but we probably have
lots of those things to audit for before we can recommend running the
testsuite in an untrusted environment).
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
