net: Shorten the path used by the client endpoint

For communication over unixgram, both the server and the client need an endpoint. They are filesystem paths which must be smaller than 104 bytes. This commit attempts to make them shorter while keeping them unique and non-guessable. Signed-off-by: Christophe Fergeau <[email protected]>
crc-org · Sep 23, 2024 · 5e826b5 · 5e826b5
1 parent 8cdea09
commit 5e826b5
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/pkg/vf/virtionet.go b/pkg/vf/virtionet.go
@@ -2,6 +2,7 @@ package vf
 
 import (
 	"fmt"
+	"math/rand"
 	"net"
 	"os"
 	"os/signal"
@@ -20,7 +21,18 @@ type VirtioNet struct {
 }
 
 func localUnixSocketPath(dir string) (string, error) {
-	tmpFile, err := os.CreateTemp(dir, fmt.Sprintf("vfkit-%d-*.sock", os.Getpid()))
+	// unix socket endpoints are filesystem paths, but their max length is
+	// quite small (a bit over 100 bytes).
+	// In this function we try to build a filename which is relatively
+	// unique, not easily guessable (to prevent hostile collisions), and
+	// short (`os.CreateTemp` filenames are a bit too long)
+	//
+	// os.Getpid() is unique but guessable. We append a short 16 bit random
+	// number to it. We only use hex values to make the representation more
+	// compact
+	filename := filepath.Join(dir, fmt.Sprintf("vfkit-%x-%x.sock", os.Getpid(), rand.Int31n(0xffff))) //#nosec G404 -- no need for crypto/rand here
+
+	tmpFile, err := os.OpenFile(filename, os.O_CREATE|os.O_EXCL, 0600)
 	if err != nil {
 		return "", err
 	}