From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yuanhan.liu@linux.intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by dpdk.org (Postfix) with ESMTP id C8BF13F9
 for <dev@dpdk.org>; Wed, 16 Dec 2015 02:31:05 +0100 (CET)
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga101.fm.intel.com with ESMTP; 15 Dec 2015 17:31:04 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.20,435,1444719600"; d="scan'208";a="874501816"
Received: from yliu-dev.sh.intel.com (HELO yliu-dev) ([10.239.66.49])
 by fmsmga002.fm.intel.com with ESMTP; 15 Dec 2015 17:31:03 -0800
Date: Wed, 16 Dec 2015 09:31:13 +0800
From: Yuanhan Liu <yuanhan.liu@linux.intel.com>
To: Pavel Fedin <p.fedin@samsung.com>
Message-ID: <20151216013113.GM29571@yliu-dev.sh.intel.com>
References: <00c101d13735$e85453d0$b8fcfb70$@samsung.com>
 <20151215140450.GL29571@yliu-dev.sh.intel.com>
 <00cd01d13743$e1a7c4a0$a4f74de0$@samsung.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00cd01d13743$e1a7c4a0$a4f74de0$@samsung.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: dev@dpdk.org, 'Ilya Maximets' <i.maximets@samsung.com>,
 'Dyasly Sergey' <s.dyasly@samsung.com>
Subject: Re: [dpdk-dev] problem vhost-user sockets
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2015 01:31:06 -0000

On Tue, Dec 15, 2015 at 05:21:25PM +0300, Pavel Fedin wrote:
>  Hello!
> 
> > I'm thinking you can't simply unlink a file given by a user inside
> > a libraray unconditionaly. Say, what if a user gives a wrong socket
> > path?
> 
>  Well... We can improve the security by checking that:
> 
> a) The file exists and it's a socket.
> b) Nobody is listening on it.

I don't think that's enough. And the fact of the matter is you should
not remove a file inside a libraray that is not created by itself.

> > I normally write a short script to handle it automatically.
> 
>  I know, you can always hack up some kludges, just IMHO it's not production-grade solution. What if you are cloud administrator, and
> you have 1000 users, each of them using 100 vhost-user interfaces? List all of them in some script? Too huge job, i would say.
>  And without it the thing just appears to be too fragile, requiring manual maintenance after a single stupid failure.

You need fix the application then. The file path is constructed there
after all. And if it's an open source project (say ovs), you are free
to fix it then, isn't it? ;)

	--yliu