Jean-Philippe, ah, that is a bit of an annoyance. I don't know what to
recommend.

The race condition I was worried about is that the check for the
realpath() appears to be done at some point before the file is opened; a
symlink could be made between those two and the end result could be the
same.

Of course this may or may not be a pressing issue -- PHP, for example,
gave up trying to defend their "safe_open" family of functions that
tried to restrict access to one directory tree, because in the end
POSIX does not make this goal easy. open(2)'s O_NOFOLLOW only applies to
the final component of the path, not every element in the path.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1394590

Title:
  LFI Security vulnerability
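
The comment above describes two problems: the realpath() check happens before the open, and O_NOFOLLOW covers only the final path component. The following is an added example, not code from the bug thread or from psensor, showing one way to address both by opening each component with openat(2) and O_NOFOLLOW and then checking the descriptor itself. The names open_beneath and demo, the temp-dir layout and the symlink targets are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `rel` beneath `base` one component at a time, so
 * O_NOFOLLOW covers every element and no check-then-open gap remains.
 * Returns an fd for a regular file, or -1. */
int open_beneath(const char *base, const char *rel)
{
    char buf[4096], *save = NULL;
    struct stat st;
    if (strlen(rel) >= sizeof buf) return -1;
    strcpy(buf, rel);
    int fd = open(base, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    for (char *c = strtok_r(buf, "/", &save); fd >= 0 && c; ) {
        char *next = strtok_r(NULL, "/", &save);
        int nfd = -1;
        if (strcmp(c, ".") && strcmp(c, ".."))   /* "." and ".." are refused */
            nfd = openat(fd, c, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC |
                                (next ? O_DIRECTORY : 0));
        close(fd);
        fd = nfd; c = next;
    }
    /* Validate the object actually opened, through the fd, not the name. */
    if (fd >= 0 && (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))) {
        close(fd); return -1;
    }
    return fd;
}

/* Constructed demo tree in a fresh temp dir; returns one bit per expectation:
 * 1 plain file opens, 2 final symlink refused, 4 symlinked dir refused, 8 "..". */
int demo(void)
{
    char base[] = "/tmp/obXXXXXX";
    int d, fd;
    if (!mkdtemp(base) || (d = open(base, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (mkdirat(d, "sub", 0700) || symlinkat("/etc", d, "link") ||
        symlinkat("/etc/hostname", d, "sub/leak") ||
        (fd = openat(d, "sub/ok.txt", O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd); close(d);
    int ok = open_beneath(base, "sub/ok.txt");
    return (ok >= 0) | ((open_beneath(base, "sub/leak") < 0) << 1) |
           ((open_beneath(base, "link/hostname") < 0) << 2) |
           ((open_beneath(base, "sub/../sub/ok.txt") < 0) << 3);
}
int main(void) { printf("mask=%d\n", demo()); return 0; }
```

On Linux 5.6 and later, openat2(2) with RESOLVE_BENEATH performs the same containment inside the kernel.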