Open vtjnash opened 1 year ago
ah, wait, sorry, the flag is O_CREAT | O_EXCL
Do we have an open flag for that?
Doesn't seem like we do. I guess I can use an internal open method, but maybe better to add an exclusive
flag to the open
function instead and then use it.
When opening files for writing, this package probably never wants to overwrite an existing file. This can be prevented (including any race conditions) by setting the ~O_CREAT~ O_EXCL flag when opening files for writing. This would potentially avoid any security vulnerabilities being discovered by package users resulting from malicious tar files overwriting important files.