From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mleitner@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 7E0C41B023
 for <dev@dpdk.org>; Sat, 27 Jan 2018 16:03:10 +0100 (CET)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id C77234E4F3;
 Sat, 27 Jan 2018 15:03:09 +0000 (UTC)
Received: from dhcpe234.fit.vutbr.cz (ovpn-204-52.brq.redhat.com
 [10.40.204.52])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 6F92E600D2;
 Sat, 27 Jan 2018 15:03:09 +0000 (UTC)
Received: by dhcpe234.fit.vutbr.cz (Postfix, from userid 1000)
 id BE739180F09; Sat, 27 Jan 2018 13:03:06 -0200 (-02)
Date: Sat, 27 Jan 2018 13:03:06 -0200
From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Cc: Shahaf Shuler <shahafs@mellanox.com>,
 Nelio Laranjeiro <nelio.laranjeiro@6wind.com>, dev@dpdk.org
Message-ID: <20180127150306.GH3494@localhost.localdomain>
References: <20180124223625.1928-1-adrien.mazarguil@6wind.com>
 <20180126141215.30395-1-adrien.mazarguil@6wind.com>
 <20180126141215.30395-3-adrien.mazarguil@6wind.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180126141215.30395-3-adrien.mazarguil@6wind.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.38]); Sat, 27 Jan 2018 15:03:09 +0000 (UTC)
Subject: Re: [dpdk-dev] [PATCH v2 2/4] net/mlx4: spawn rdma-core dependency
 plug-in
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jan 2018 15:03:10 -0000

On Fri, Jan 26, 2018 at 03:19:00PM +0100, Adrien Mazarguil wrote:
...
> +static int
> +mlx4_glue_init(void)
> +{
> +	char file[] = "/tmp/" MLX4_DRIVER_NAME "_XXXXXX";
> +	int fd = mkstemp(file);
...
> +	while (off != mlx4_glue_lib_size) {
> +		ssize_t ret;
> +
> +		ret = write(fd, (const uint8_t *)mlx4_glue_lib + off,
> +			    mlx4_glue_lib_size - off);
> +		if (ret == -1) {
> +			if (errno != EINTR) {
> +				rte_errno = errno;
> +				goto glue_error;
> +			}
> +			ret = 0;
> +		}
> +		off += ret;
> +	}
> +	close(fd);
> +	fd = -1;
> +	handle = dlopen(file, RTLD_LAZY);
> +	unlink(file);

This is a potential security issue. There are no guarantees that the
file dlopen() will open is the file that was just written above. It
could have been changed by something else in between.

  Marcelo