Feature or enhancement
Proposal:
I propose to add the functionality of the Linux openat2 syscall to the os.open function. In particular, this includes adding a resolve parameter and the associated constants.
This functionality is useful to protect applications against path traversal attacks. In particular, it allows resolving a path without following any symlinks, or while preventing any access outside of the base directory. While some of it can be emulated by resolving the path one component at a time (using dir_fd, O_NOFOLLOW and O_DIRECTORY), doing it securely is tricky. Therefore, exposing the functionality provided by the kernel would be useful.
Has this already been discussed elsewhere?
This is a minor feature, which does not need previous discussion elsewhere
Links to previous discussion of this feature:
No response
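The component-by-component emulation mentioned in the proposal, as an added example (not part of the original issue and not CPython code). `open_beneath` and `demo` are hypothetical names, Linux is assumed, and the helper is deliberately stricter than the kernel feature: it refuses every `..` component and every symlink rather than resolving them safely.

```python
import os
import tempfile

def open_beneath(base, relpath, flags=os.O_RDONLY):
    """Open relpath under base one component at a time, following no symlinks.

    Hypothetical helper: rejects absolute paths, '..' and any symlink.
    """
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if relpath.startswith("/") or ".." in parts or not parts:
        raise ValueError(f"unsafe path: {relpath!r}")
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dirfd = os.open(base, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            # Each lookup is relative to the directory fd already held, so a
            # concurrent rename or symlink swap cannot redirect earlier steps.
            # O_NOFOLLOW makes a symlinked component fail with an OSError.
            nxt = os.open(name, dir_flags, dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        # The final component must not be a symlink either.
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dirfd)
    finally:
        os.close(dirfd)

def demo():
    """Constructed tree: base/sub/ok.txt, and base/link -> ../outside."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "base")
        outside = os.path.join(root, "outside")
        os.makedirs(os.path.join(base, "sub"))
        os.mkdir(outside)
        for path in (os.path.join(base, "sub", "ok.txt"),
                     os.path.join(outside, "secret")):
            with open(path, "w") as f:
                f.write("data")
        os.symlink(outside, os.path.join(base, "link"))
        results = {}
        for rel in ("sub/ok.txt", "link/secret", "../outside/secret"):
            try:
                os.close(open_beneath(base, rel))
                results[rel] = True    # opened inside base
            except (OSError, ValueError):
                results[rel] = False   # refused
        return results

if __name__ == "__main__":
    print(demo())
```

Even this short version has to handle descriptor cleanup and the final component separately, and it cannot allow harmless in-tree symlinks or `..`.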