> Hi,
>
> dumb question: what is the advantage of openat vs. open - only the thing
> that someone doesn't need to build the path together by hand?
>
> If I understand the man page of openat correctly, it does _not_ prevent
> someone from breaking out of the jail by using e.g. ../../../blah .
> If this assumption is correct, perhaps it is better to avoid using the
> *at function family (as it was some time ago) and sanitize the path (by
> somehow canonicalizing it and then checking if the beginning is ok).
>
> Then I could use the "normal" POSIX functions again and avoid using the NT*
> functions directly, which is not soooo nice for various reasons.
>
> Best regards,
> Michael Fritscher
Hi again,

I see one thing: symlinks somewhere in the path (which seemed to be the reason
for introducing the *at family). But I think that this can be handled by
canonicalizing the path, too. realpath should do the job quite well.

Best regards,
Michael Fritscher
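The two cases raised in the messages above (a `..` component and a symlink somewhere inside the jail directory), as an added example that is not part of the thread and not Michael Fritscher's code. It builds a small constructed directory tree in a temp dir, shows that a plain openat() call follows both `../` and a symlink straight out of the jail, and puts beside it a component-by-component openat() walk (`open_beneath`, a name chosen here, not a libc function) that refuses those paths. Assumes POSIX openat() with O_NOFOLLOW and O_DIRECTORY (Linux, BSDs, macOS, Cygwin).

```c
/* Added example (not from the thread): plain openat() beside a component-wise
 * openat() walk that cannot leave a directory fd.  Assumes POSIX openat()
 * with O_NOFOLLOW/O_DIRECTORY.  The tree it opens is constructed in a temp dir. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `rel` relative to `rootfd` one component at a time.  Every component
 * is opened with O_NOFOLLOW, so a symlink fails with ELOOP instead of being
 * followed; ".." and absolute paths are refused outright (".." is refused
 * even in "a/../b", deliberately).  Returns a fd, or -1 with errno set. */
int open_beneath(int rootfd, const char *rel, int flags)
{
    if (rel[0] == '/' || rel[0] == '\0') { errno = EINVAL; return -1; }
    char *copy = strdup(rel);
    if (!copy) return -1;
    int cur = dup(rootfd);                      /* leave the caller's fd alone */
    if (cur < 0) { free(copy); return -1; }

    int err = 0;
    char *save = NULL;
    char *comp = strtok_r(copy, "/", &save);
    while (comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { err = EACCES; break; }   /* would climb out */
        if (strcmp(comp, ".") == 0) { comp = next; continue; }  /* no-op component */
        int fd = next   /* intermediate: must be a real directory, never a link */
            ? openat(cur, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)
            : openat(cur, comp, flags | O_NOFOLLOW | O_CLOEXEC);   /* final */
        if (fd < 0) { err = errno; break; }
        close(cur);
        cur = fd;
        comp = next;
    }
    free(copy);
    if (err) { close(cur); errno = err; return -1; }
    return cur;
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed tree:  <tmp>/secret.txt        (outside the jail)
 *                    <tmp>/jail/sub/data.txt (inside)
 *                    <tmp>/jail/link -> ..   (symlink pointing out)
 * Returns a directory fd for <tmp>/jail, or -1. */
int make_test_tree(void)
{
    char base[] = "/tmp/openat-demo-XXXXXX";
    if (!mkdtemp(base)) return -1;
    char p[300];
    snprintf(p, sizeof p, "%s/secret.txt", base);
    if (write_file(p, "outside the jail\n") < 0) return -1;
    snprintf(p, sizeof p, "%s/jail", base);
    if (mkdir(p, 0700) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail/sub", base);
    if (mkdir(p, 0700) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail/sub/data.txt", base);
    if (write_file(p, "inside the jail\n") < 0) return -1;
    snprintf(p, sizeof p, "%s/jail/link", base);
    if (symlink("..", p) < 0) return -1;
    snprintf(p, sizeof p, "%s/jail", base);
    return open(p, O_RDONLY | O_DIRECTORY);
}

/* Lazily built jail fd shared by the checks below. */
int jail_fd(void)
{
    static int fd = -2;
    if (fd == -2) fd = make_test_tree();
    return fd;
}

/* 1 if the path could be opened relative to the jail, 0 if it was refused. */
int plain_openat_opens(const char *rel)
{
    int fd = openat(jail_fd(), rel, O_RDONLY);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

int open_beneath_opens(const char *rel)
{
    int fd = open_beneath(jail_fd(), rel, O_RDONLY);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

int main(void)
{
    if (jail_fd() < 0) { perror("setup"); return 1; }
    const char *paths[] = { "sub/data.txt", "../secret.txt", "link/secret.txt",
                            "sub/../../secret.txt", "/etc/passwd" };
    for (size_t i = 0; i < sizeof paths / sizeof *paths; i++)
        printf("%-22s openat: %-7s open_beneath: %s\n", paths[i],
               plain_openat_opens(paths[i]) ? "opened" : "refused",
               open_beneath_opens(paths[i]) ? "opened" : "refused");
    return 0;
}
```

The walk does its confinement on already-opened directory fds, so there is no window between a string check and the actual open in which a component could be swapped for a symlink; that is the property to look for in whichever jail-enforcing approach is chosen.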