>> I see one thing: symlinks somewhere in the path (which seemed to be the >> reason introducing the *at family). But I think that this can be handled >> by canonlizing the path, too. realpath should do the job quite well. >> > > Unfortunately now because we have TOCTOU condition here: some path element > could be replaced by a symlink after realpath() but before we actually > pass > the resulting path to a syscall. >
Hi, my mistake was that thinking that O_NOFOLLOW prevents following any symlink in the path, but it prevents only following if the pathname itself is a symlink... Best regards, Michael Frischer