Actually make O_DIRECTORY work.

According to POSIX open() must return ENOTDIR when the path name does
not refer to a path name. Change vn_open() to respect this flag. This
also simplifies the Linuxolator a bit.

1 files changed, 12 insertions, 0 deletions

diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2
index 3a5979f..04fa0fe 100644
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@@ -117,6 +117,7 @@ O_SYNC		synchronous writes
 O_NOFOLLOW	do not follow symlinks
 O_NOCTTY	don't assign controlling terminal
 O_TTY_INIT	restore default terminal attributes
+O_DIRECTORY	error if file is not a directory
 .Ed
 .Pp
 Opening a file with
@@ -222,6 +223,14 @@ The initial call to
 on a TTY will always restore default terminal attributes on
 .Fx .
 .Pp
+.Dv O_DIRECTORY
+may be used to ensure the resulting file descriptor refers to a
+directory.
+This flag can be used to prevent applications with elevated privileges
+from opening files which are even unsafe to open with
+.Dv O_RDONLY ,
+such as device nodes.
+.Pp
 If successful,
 .Fn open
 returns a non-negative integer, termed a file descriptor.
@@ -413,6 +422,9 @@ argument is not an absolute path and
 is neither
 .Dv AT_FDCWD
 nor a file descriptor associated with a directory.
+.It Bq Eq ENOTDIR
+.Dv O_DIRECTORY
+is specified and the file is not a directory.
 .El
 .Sh SEE ALSO
 .Xr chmod 2 ,