Re: [libvirt] [PATCH] move ebiptables script out of /tmp

Hi, I noticed today that ebiptablesWriteToTempFile() creates a temporary file in /tmp that is later executed. It uses mkstemp() and therefore is safe from symlinks attacks, however, there is not really any reason that I can see why it is using /tmp instead of somewhere like /var/lib/libvirt. If libvirtd is confined under a MAC which allows execution of /tmp/virtd* and a vulnerability is found in libvirtd, the /tmp path leaves an opportunity for a local non-root attacker to write a script in /tmp and then subvert libvirt to execute that script.