Bryan Steele May 28, 2025

A draft proposal from Theo de Raadt on #OpenBSD tech@:"openat(2) is mostly useless, sadly."

To keep it simple, these calls were not designed to assist any security model.

[...]

Let's create directory fd's which cannot traverse upwards. Mark the object, instead of requiring a programmer to put a flag on every system call acting upon the object. Two operational flags are added, O_BELOW and F_BELOW.

https://marc.info/?l=openbsd-tech&m=174844109910709&w=2

'openat(2) is mostly useless, sadly' - MARC

Show threadTim Chase

@brynet

Seems pretty reasonable, but I was confused by the choice of ENOTTY ("inappropriate ioctl for device") in the patch when EPERM, ENOENT, EACCES, or EINVAL feels more fitting to me. #bikeshedding

(FWIW, everywhere else in that patch uses ENOENT)

May 29, 2025 at 12:08amWeb