On 12/1/2010 1:35 AM, Stefan Hajnoczi wrote:
> On Tue, Nov 30, 2010 at 9:52 AM, Sanchit Garg
> <sancg...@linux.vnet.ibm.com> wrote:
>> @@ -3707,19 +3708,19 @@ VirtIODevice *virtio_9p_init(DeviceState *dev,
>> V9fsConf *conf)
>> s->ctx.fs_sm = SM_NONE;
>> s->ctx.xops = none_xattr_ops;
>> } else {
>> - fprintf(stderr, "Default to security_model=none. You may want"
>> + error_report("Default to security_model=none. You may want"
>> " enable advanced security model using "
>> "security option:\n\t security_model=passthrough \n\t "
>> - "security_model=mapped\n");
>> + "security_model=mapped");
>> s->ctx.fs_sm = SM_NONE;
>> s->ctx.xops = none_xattr_ops;
>> }
>
> It would be safer to avoid embedded \n\t. Although I can't find
> anything prohibiting it in the source, no other place does this.
> Program output is easier to handle when constrained to one message per
> line. Security issues arise when unfiltered inputs are logged *and*
> linebreaks are allowed because malicious input can inject fake log
> lines. Let's avoid getting into the habit.
Embedded breaks were introduced to give more readable and formatted output.
Stafan do you suggest to print the entire message in one line?
- JV
>
> Looks good otherwise.
>
> Stefan
>
