Because we resolve symlinks manually, we end up bypassing fs.protected_symlinks protections. This means that we could end up following symlinks that wouldn't be followed with a regular open. The scope of this problem is quite limited because we always restrict lookups to be inside the root (while usually attacks of this form are related to administrative tools opening symlinks without restrictions) but for consistency's sake we should probably implement this behaviour.
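The rule a regular open applies under fs.protected_symlinks, and that a manual resolver would have to repeat before following each link, sketched as an added example (not code from this project). The names `sysctl_enabled`, `may_follow` and `check_link` are hypothetical, and `os.geteuid()` is assumed to stand in for the caller's fsuid.

```python
import os
import stat

SYSCTL = "/proc/sys/fs/protected_symlinks"


def sysctl_enabled(path=SYSCTL):
    """Return True if fs.protected_symlinks is on (unreadable file => off)."""
    try:
        with open(path) as f:
            return f.read().strip() != "0"
    except OSError:
        return False


def may_follow(link_uid, dir_mode, dir_uid, caller_uid, enabled=True):
    """Pure form of the kernel's decision for one symlink.

    Following is refused only when the parent directory is both sticky and
    world-writable and the link's owner is neither the caller nor the
    owner of that directory.
    """
    if not enabled:
        return True
    if link_uid == caller_uid:
        return True
    sticky_ww = stat.S_ISVTX | stat.S_IWOTH
    if (dir_mode & sticky_ww) != sticky_ww:
        return True
    return link_uid == dir_uid


def check_link(dir_fd, name):
    """Apply may_follow() to `name` inside the already-open directory dir_fd.

    Raises PermissionError (EACCES, matching the kernel) when the link must
    not be followed. Non-symlinks pass through untouched.
    """
    link = os.lstat(name, dir_fd=dir_fd)
    if not stat.S_ISLNK(link.st_mode):
        return
    parent = os.fstat(dir_fd)
    # Assumption: effective uid is used in place of the fsuid.
    if not may_follow(link.st_uid, parent.st_mode, parent.st_uid,
                      os.geteuid(), sysctl_enabled()):
        raise PermissionError(13, "protected symlink", name)
```

A resolver would call `check_link` on the parent directory's file descriptor at each component it is about to dereference, so the decision uses the same directory the link was read from.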