vtjnash
commented
1 year ago ah, wait, sorry, the flag is O_CREAT | O_EXCL
Open vtjnash opened 1 year ago
vtjnash
commented
1 year ago ah, wait, sorry, the flag is O_CREAT | O_EXCL
StefanKarpinski
commented
1 year ago Do we have an open flag for that?
StefanKarpinski
commented
1 year ago Doesn't seem like we do. I guess I can use an internal open method, but maybe better to add an exclusive flag to the open function instead and then use it.
When opening files for writing, this package probably never wants to overwrite an existing file. This can be prevented (including any race conditions) by setting the ~O_CREAT~ O_EXCL flag when opening files for writing. This would potentially avoid any security vulnerabilities being discovered by package users resulting from malicious tar files overwriting important files.