Bugzilla – Bug 1194002
VUL-0: CVE-2022-23950: keylime: Revocation Notifier Uses fixed /tmp Path for UNIX Domain Socket
Last modified: 2022-02-18 09:53:01 UTC
This bug is to keep track of keylime review report item 4.a:

### a) Revocation Notifier Uses fixed /tmp Path for UNIX Domain Socket

In *revocation_notifier.py* a fixed path in the world writable location */tmp/keylime.verifier.ipc* is used. The code (in this case the third party `zeromq` Python module) forcefully removes any file object found there earlier. Should the program be running as non-root, or if another local user simply places a *directory* at this location, then this serves as a local DoS attack against the revocation notifier process, because the socket cannot be created.

This situation doesn't even seem to be noticed by the verifier main process, because the child process `broker_proc` is never waited on. This means that the local attacker could even replace the "blocking" directory by his own UNIX domain socket later on and will then receive revocation events from invocations of the `notify()` function in the main verifier process. The full impact of this would have to be researched further. It looks like failed quote notifications would no longer be sent out.

I recommend placing UNIX domain sockets in a dedicated safe directory in /run that cannot be staged with attacks by other local users in the system.
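The recommendation above, written out as an added Python example (not keylime's code): a directory check that a socket path's parent must pass, and a bind that refuses to delete whatever already sits at the path instead of removing it. The paths are constructed scratch directories under `tempfile` standing in for a per-service directory in /run and for /tmp.

```python
import os
import socket
import stat
import tempfile

def check_socket_dir(dirpath, uid=None):
    """None if dirpath may safely hold a UNIX socket, else the reason it may not."""
    uid = os.geteuid() if uid is None else uid
    if not os.path.lexists(dirpath):
        return "missing"
    st = os.lstat(dirpath)  # lstat so a symlink is not mistaken for a directory
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"  # covers symlinks and plain files
    if st.st_uid != uid:
        return "wrong owner"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group/world writable"  # other local users could stage objects here
    return None

def bind_ipc_socket(sock_path):
    """Bind a listening UNIX socket without deleting whatever is already at sock_path."""
    reason = check_socket_dir(os.path.dirname(sock_path))
    if reason is not None:
        raise PermissionError(f"unsafe socket directory for {sock_path}: {reason}")
    if os.path.lexists(sock_path):  # e.g. a directory placed there to block the bind
        raise FileExistsError(f"refusing to replace existing object at {sock_path}")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(sock_path)
    s.listen(1)
    return s

def demo():
    """Constructed scenario: private dir accepted, /tmp-like dir rejected, blocking dir refused."""
    private = tempfile.mkdtemp()  # stands in for a per-service /run directory: ours, mode 0700
    sock_path = os.path.join(private, "keylime.verifier.ipc")
    s = bind_ipc_socket(sock_path)
    results = {"private_dir": "bound"}
    s.close()
    os.unlink(sock_path)
    shared = os.path.join(private, "tmp")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)  # same mode as /tmp; chmod is not subject to the umask
    results["world_writable_dir"] = check_socket_dir(shared)
    os.mkdir(sock_path)  # stands in for a directory pre-placed at the socket path
    try:
        bind_ipc_socket(sock_path)
    except FileExistsError:
        results["blocking_dir"] = "refused"
    return results
```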
The issue has been confirmed by upstream and has been assigned CVE-2022-23950.
The issue is public now via the following security advisory: https://github.com/keylime/keylime/security/advisories/GHSA-9r9r-f8xc-m875
Fixed in version 6.3.0 and both SLE-15-SP4 and Factory are updated.