On 2026-01-17 15:02:42, Collin Funk wrote:
> This just introduces TOCTOU races, no?
>
> If someone can delete a portion of "opts.NewTreeName" and recreate an
> element as a symbolic link before "os.MkdirAll" is executed, they would
> be able to achieve the same thing as before the patch.
>
> Surely Go has a way to use O_NOFOLLOW, right? That would be the correct
> way to do it.

I have not looked at the actual issue here, but in general even O_NOFOLLOW is insufficient, because it only affects the trailing path component. To avoid symlinks in other components, you must carefully openat() each path component, one at a time, starting from the root.
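
The component-by-component walk described in the reply above, as an added example that is not part of the original thread or of the patched project: a C version of a recursive mkdir that resolves one name at a time against an already-open directory. The names `mkdir_all_beneath` and `demo_symlink_refused` and the temporary tree are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create each component of the relative path `rel` under `rootfd`, one
 * openat() at a time. Returns an fd for the last directory, or -1 with errno
 * set (on Linux, ENOTDIR or ELOOP when a component is a symlink). */
int mkdir_all_beneath(int rootfd, const char *rel, mode_t mode)
{
    char buf[4096], *save = NULL;
    if (strlen(rel) >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    strcpy(buf, rel);
    int dirfd = dup(rootfd);              /* caller keeps its own fd */
    for (char *c = strtok_r(buf, "/", &save); dirfd >= 0 && c;
         c = strtok_r(NULL, "/", &save)) {
        int next = -1;
        if (strcmp(c, "..") == 0)
            errno = EINVAL;               /* never walk back up */
        else if (mkdirat(dirfd, c, mode) == 0 || errno == EEXIST)
            /* a single name, so O_NOFOLLOW covers the whole lookup */
            next = openat(dirfd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        int e = errno;
        close(dirfd);
        errno = e;                        /* keep the failing call's errno */
        dirfd = next;                     /* -1 ends the loop */
    }
    return dirfd;
}

/* Constructed scenario: a clean tree succeeds; a symlink planted in a middle
 * component is refused and nothing is created through it. Returns 1 on pass.
 * The temporary tree is left in /tmp for inspection. */
int demo_symlink_refused(void)
{
    char root[] = "/tmp/beneath-XXXXXX";
    struct stat st;
    if (!mkdtemp(root)) return 0;
    int rootfd = open(root, O_RDONLY | O_DIRECTORY);
    int ok = mkdir_all_beneath(rootfd, "a/b/c", 0700);
    symlinkat(root, rootfd, "a/link");    /* a/link -> root (constructed) */
    int bad = mkdir_all_beneath(rootfd, "a/link/x", 0700);
    return ok >= 0 && bad == -1 && fstatat(rootfd, "x", &st, 0) == -1;
}
```

Because every lookup is relative to a directory fd that is already open, renaming or replacing a parent path component between steps does not redirect the walk.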
