Paul Eggert <[email protected]> writes:

> This supports the openat2 system call of Linux 5.6 (2020) and
> later. Although not yet exposed by glibc, the call is useful for
> programs like GNU Tar that need to be paranoid about traversing
> file names from untrusted sources. On platforms lacking
> openat2, it is emulated in user space.
> * lib/openat2.c, m4/openat2.m4, modules/openat2:
> * modules/openat2-tests, tests/test-openat2.c: New files.
> * lib/fcntl.in.h (struct open_how, RESOLVE_NO_XDEV)
> (RESOLVE_NO_MAGICLINKS, RESOLVE_NO_SYMLINKS, RESOLVE_BENEATH)
> (RESOLVE_IN_ROOT, RESOLVE_CACHED):
> New type and constants, if <linux/openat2.h> does not define.
> (openat2): New decls.
> * m4/fcntl_h.m4 (gl_FCNTL_H, gl_FCNTL_H_REQUIRE_DEFAULTS)
> (gl_FCNTL_H_DEFAULTS):
> * modules/fcntl-h (fcntl.h):
> Also check for openat2.
> ---
>  ChangeLog             |  18 ++
>  MODULES.html.sh       |   1 +
>  lib/fcntl.in.h        |  40 +++
>  lib/openat2.c         | 569 ++++++++++++++++++++++++++++++++++++++++++
>  m4/fcntl_h.m4         |   6 +-
>  m4/openat2.m4         |  33 +++
>  modules/fcntl-h       |   2 +
>  modules/openat2       |  49 ++++
>  modules/openat2-tests |  22 ++
>  tests/test-open.h     |   5 +-
>  tests/test-openat2.c  | 527 ++++++++++++++++++++++++++++++++++++++
>  11 files changed, 1268 insertions(+), 4 deletions(-)
>  create mode 100644 lib/openat2.c
>  create mode 100644 m4/openat2.m4
>  create mode 100644 modules/openat2
>  create mode 100644 modules/openat2-tests
>  create mode 100644 tests/test-openat2.c

Cool. I assume you are working for the behavior change for that tar
"vulnerability" [1]?

Also, I vaguely remember openat2 being discussed on libc-alpha where
there was debate over the flags. Did that ever get resolved? Ideally we
should use the prototype that glibc adopts.

Collin

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-45582
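
For readers following the thread, an added example (not part of either message and not the gnulib lib/openat2.c code) of how a program can use the raw Linux openat2 system call with RESOLVE_BENEATH to refuse member names that resolve outside an extraction directory. The `ex_` names, the local copy of the `struct open_how` layout, and the scratch directory contents are assumptions made for illustration; the call goes through syscall() because glibc does not expose a wrapper.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_openat2
# define SYS_openat2 437         /* same number on every Linux architecture */
#endif
#define EX_RESOLVE_BENEATH 0x08  /* value of RESOLVE_BENEATH in <linux/openat2.h> */
/* Local copy of the kernel's struct open_how layout (hypothetical name). */
struct ex_open_how { uint64_t flags, mode, resolve; };
enum ex_result { EX_OPENED, EX_REFUSED, EX_UNSUPPORTED, EX_ERROR };

/* Open NAME read-only, refusing any resolution that leaves DIRFD. */
static enum ex_result ex_open_beneath(int dirfd, const char *name)
{
  struct ex_open_how how = { .flags = O_RDONLY | O_CLOEXEC,
                             .resolve = EX_RESOLVE_BENEATH };
  long fd = syscall(SYS_openat2, dirfd, name, &how, sizeof how);
  if (fd >= 0) { close((int) fd); return EX_OPENED; }
  if (errno == EXDEV) return EX_REFUSED;       /* resolution tried to escape */
  if (errno == ENOSYS) return EX_UNSUPPORTED;  /* kernel older than 5.6 */
  return EX_ERROR;
}

/* Constructed scratch directory holding one regular file and one symlink
   that points outside it; NAME is then resolved beneath that directory. */
static enum ex_result ex_probe(const char *name)
{
  char dir[] = "/tmp/openat2-ex-XXXXXX";
  if (!mkdtemp(dir)) return EX_ERROR;
  int dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dirfd < 0) { rmdir(dir); return EX_ERROR; }
  enum ex_result r = EX_ERROR;
  int fd = openat(dirfd, "member.txt", O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
  if (fd >= 0) close(fd);
  if (fd >= 0 && symlinkat("/etc", dirfd, "link") == 0)
    r = ex_open_beneath(dirfd, name);
  unlinkat(dirfd, "link", 0);
  unlinkat(dirfd, "member.txt", 0);
  close(dirfd);
  rmdir(dir);
  return r;
}

int main(void)
{
  const char *names[] = { "member.txt", "../member.txt", "link/hostname", "/etc/hostname" };
  for (int i = 0; i < 4; i++) printf("%-14s -> %d\n", names[i], ex_probe(names[i]));
}
```

On a kernel without openat2 every probe reports EX_UNSUPPORTED, which is the case the user-space emulation mentioned in the commit message is meant to cover.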
