Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:

> My counter-argument is that most people actually want
> RESOLVE_NO_SYMLINKS (as evidenced by the countless symlink-related
> security bugs -- many of which used O_NOFOLLOW incorrectly), it just
> wasn't available before Linux 5.6.

I would quibble as to whether they actually want this in all situations. There are some in which the difference in behaviour will conceivably break things - though that's more the case for things like stat(), statx(), fsinfo() and getxattr() where you might want to be able to query a specific symlink than for openat2() where you almost always want to follow it (save O_PATH | O_NOFOLLOW).

However, if you're okay with me adding, say, RESOLVE_NO_TERMINAL_SYMLINK and RESOLVE_NO_TERMINAL_AUTOMOUNT, I can use these flags. I don't want to have to allow both RESOLVE_* and AT_*.

David
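
The difference between the two behaviours discussed in this message, as an added example that is not part of the thread or of any kernel patch: O_NOFOLLOW rejects a symlink only in the final path component, while openat2() with RESOLVE_NO_SYMLINKS rejects one anywhere in the path. The directory layout, the helper names (`make_tree`, `try_open`) and the local `struct how_args` copy of the kernel's `struct open_how` are assumptions of this example; on kernels before 5.6 the openat2() call fails with ENOSYS.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_openat2
#define SYS_openat2 437            /* openat2() syscall number */
#endif
#ifndef RESOLVE_NO_SYMLINKS
#define RESOLVE_NO_SYMLINKS 0x04   /* value from <linux/openat2.h> */
#endif
/* Local copy of the kernel's struct open_how layout (three u64 fields). */
struct how_args { uint64_t flags, mode, resolve; };

/* Constructed sample tree: real/file, link -> real, flink -> real/file.
 * Returns a directory fd for the temporary root, or -1 on error. */
static int make_tree(void) {
    char tmpl[] = "/tmp/nosymXXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    int d = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (d < 0 || mkdirat(d, "real", 0700) < 0) return -1;
    int f = openat(d, "real/file", O_WRONLY | O_CREAT, 0600);
    if (f < 0) return -1;
    close(f);
    if (symlinkat("real", d, "link") < 0) return -1;
    if (symlinkat("real/file", d, "flink") < 0) return -1;
    return d;
}

/* Open path relative to dirfd; returns 0 on success, else errno.
 * strict == 0: openat() with O_NOFOLLOW (checks the final component only).
 * strict == 1: openat2() with RESOLVE_NO_SYMLINKS (checks every component). */
static int try_open(int dirfd, const char *path, int strict) {
    struct how_args how = { .flags = O_RDONLY, .resolve = RESOLVE_NO_SYMLINKS };
    long fd = strict ? syscall(SYS_openat2, dirfd, path, &how, sizeof(how))
                     : openat(dirfd, path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return errno;
    close((int)fd);
    return 0;
}

int main(void) {
    int d = make_tree();
    if (d < 0) { perror("make_tree"); return 1; }
    printf("O_NOFOLLOW link/file=%d flink=%d; RESOLVE_NO_SYMLINKS link/file=%d\n",
           try_open(d, "link/file", 0), try_open(d, "flink", 0), try_open(d, "link/file", 1));
    return 0;
}
```

A result of 0 for `link/file` under O_NOFOLLOW is the case behind the "used O_NOFOLLOW incorrectly" bugs mentioned in the quoted text: the intermediate symlink is followed without complaint.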