How Hard Is It To Open a File?

25 points by polywolf


vimpostor

You can audit your own code meticulously, open everything with O_PATH | O_NOFOLLOW, chain *at() calls carefully — and then call a third-party library that calls open(path) internally.

That's why implementing this using flags on openat() has always been fundamentally broken. I much prefer Theo's proposal to be able to lock file descriptors:

Since all the *at(2) functions have a flags parameter, their strategy was to add an additional flag which didn't allow upwards traversal. I think that misses the point, and have a different proposal.

Let's create directory fd's which cannot traverse upwards. Mark the object, instead of requiring a programmer to put a flag on every system call acting upon the object.

Now you can simply lock your fd:

dirfd = open("path", O_DIRECTORY | O_BELOW); // on creation
fcntl(dirfd, F_BELOW); // or on existing fd

And no longer need to worry about getting every single following syscall right.
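
Added example, not part of the comment above or of any project it mentions: the per-call flag approach the quoted proposal criticizes, shown with Linux's openat2(2) and RESOLVE_BENEATH (kernel 5.6+), next to one unflagged openat() on the same directory fd. The `jail`/`secret` layout and the `library_open` stand-in are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/openat2.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Per-call confinement: the flag has to be passed on every single open. */
static int open_beneath(int dirfd, const char *path)
{
    struct open_how how = { .flags = O_RDONLY | O_CLOEXEC,
                            .resolve = RESOLVE_BENEATH };
    return (int)syscall(SYS_openat2, dirfd, path, &how, sizeof how);
}

/* Hypothetical stand-in for third-party code handed the same dirfd: it uses
 * plain openat(), so ".." resolves out of the directory unhindered. */
static int library_open(int dirfd, const char *path)
{
    return openat(dirfd, path, O_RDONLY | O_CLOEXEC);
}

/* Constructed layout in a temp dir: <tmp>/secret and <tmp>/jail/.
 * Returns a bitmask: bit 0 = the flagged call failed to open "../secret"
 * (EXDEV on 5.6+, ENOSYS on older kernels), bit 1 = the unflagged call on
 * the same fd opened it. Returns -1 if the layout could not be created. */
int demo(void)
{
    char tmp[] = "/tmp/beneath-demo-XXXXXX";
    int result = 0;
    if (!mkdtemp(tmp)) return -1;
    int top = open(tmp, O_DIRECTORY | O_RDONLY);
    if (top < 0 || mkdirat(top, "jail", 0700) < 0) return -1;
    int secret = openat(top, "secret", O_CREAT | O_WRONLY, 0600);
    int jail = openat(top, "jail", O_DIRECTORY | O_RDONLY);
    if (secret < 0 || jail < 0) return -1;
    close(secret);
    int fd = open_beneath(jail, "../secret");
    if (fd < 0) result |= 1; else close(fd);
    fd = library_open(jail, "../secret");
    if (fd >= 0) { result |= 2; close(fd); }
    unlinkat(top, "secret", 0);
    unlinkat(top, "jail", AT_REMOVEDIR);
    close(jail); close(top); rmdir(tmp);
    return result;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

A result of 3 means the flagged call failed while the unflagged call on the same fd opened the file outside the directory, which is the gap a per-fd mark like the proposed O_BELOW is meant to close.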

Qyriad

It’s very easy to open a file! Oh, wait, you want to open a specific file? lol.