On Tue, Mar 06, 2007 at 01:55:19PM +0900, Kazuki Mizushima wrote:
>>My other problem is the use of stat(2) (or access) to determine if a
>>file exists, since we up on slippy ground if this is relied upon in a
>>security-related context. It's better to make the atomic open(2) call
>>fail instead (which is actually what happens in current libxc).
>Thank you for your indication.
>I misunderstand that xenXMDriver uses stat whether file is existing or not.
>The xenXMDriver uses it which isn't a file(S_ISREG).
BTW, the 'xenXMDriver' is a rather special beast, so I wouldn't necessarily
use it as a guide for good practice in libvirt :-) XenD only got support for
managing inactive domains (aka lifecycle support) in version 3.0.4. With
older versions of Xen, there is no way to enumerate inactive domains. So
we invented the 'xenXMDriver' which reads config files from /etc/xen to
determine list of inactive guests. This code is only used on Xen 3.0.3
or older and is fairly limited in what it supports compared to the new XenD
lifecycle code.
Since xenXMDriver doesn't talk to XenD at all, it operates in more or
less the same context as the client app using libvirt, so in this
circumstance it is valid to use stat() and other file access calls
like that. For any code related to XenD though, file access checks and
changes need to be in XenD itself to maintain the correct use context.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
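
The stat(2)-versus-open(2) point raised in this thread, as an added example that is not part of the original messages or of libvirt's code: a check-by-path helper beside one that opens first and then runs the S_ISREG test on the descriptor. The function names, the O_NOFOLLOW policy and the sample paths are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, mkstemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-open: the path can be replaced between stat() and open(),
 * so the S_ISREG answer may describe a different object than the one opened. */
int open_checked_by_path(const char *path)   /* hypothetical name */
{
    struct stat sb;
    if (stat(path, &sb) < 0 || !S_ISREG(sb.st_mode))
        return -1;
    return open(path, O_RDONLY);             /* race window ends here */
}

/* Open first, then inspect the descriptor: fstat() reports on the object
 * that was actually opened, and a missing file is just open() failing. */
int open_regular_file(const char *path)      /* hypothetical name */
{
    struct stat sb;
    /* O_NONBLOCK: no hang on a FIFO. O_NOFOLLOW: assumed policy, no final symlink. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                   /* errno from open(): ENOENT, EACCES, ... */
    if (fstat(fd, &sb) < 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(sb.st_mode)) { close(fd); errno = EINVAL; return -1; }
    return fd;
}

int main(void)
{
    char tmpl[] = "/tmp/xmcfgXXXXXX";        /* constructed sample file */
    int t = mkstemp(tmpl);
    if (t < 0) return 1;
    close(t);
    int fd = open_regular_file(tmpl);
    printf("regular file: %s\n", fd >= 0 ? "opened" : strerror(errno));
    if (fd >= 0) close(fd);
    unlink(tmpl);
    fd = open_regular_file("/");
    printf("directory: %s\n", fd >= 0 ? "opened" : strerror(errno));
    return 0;
}
```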