rob piko schreef op di 04-05-2021 om 18:58 [-0400]:
> Hello Maxime,
>
> > * Use O_NOFOLLOW to *not* follow the symbolic link.
> > Patch for adding O_NOFOLLOW to guile:
>
> According to the man pages for the O_NOFOLLOW:
>
> > If the trailing component (i.e., basename) of pathname is
> >
Hello Maxime,
> * Use O_NOFOLLOW to *not* follow the symbolic link.
> Patch for adding O_NOFOLLOW to guile:
According to the man pages for the O_NOFOLLOW:
If the trailing component (i.e., basename) of *pathname* is
> a symbolic link, then the open fails, with the error
>
Hi,
[CC'ing some Guile and Guix maintainers because this is
important for the security of Guix System.]
I want to explain why these patches (and the O_FLAGS (*)
patch) should be included in Guile. Functions like "openat"
are important to avoid TOCTTOU (time-of-check to time-of-use)