How Hard Is It to Open a File?
11 hours ago
- #Software Vulnerabilities
- #File Security
- #Operating Systems
- Opening a file can be simple with standard library functions but becomes extremely hard when security boundaries are involved.
- Privileged processes operating on behalf of less privileged ones must handle paths carefully to avoid attacks like symlink exploits and TOCTOU races.
- A file descriptor refers to the open file itself (ultimately the inode) rather than to a name, so a rename or symlink swap on the path after the open cannot redirect it; that makes fds a safer basis than path strings for secure file operations.
- Libraries like libglnx offer fd-based APIs (e.g., glnx_chaseat) for secure path traversal, avoiding absolute paths.
- Common path-based APIs in POSIX, GLib/Gio, and Rust can introduce vulnerabilities, complicating security in composed code.
- Flatpak faced security issues (e.g., CVE-2026-34078) because helpers took path-string arguments, which required auditing those call sites and migrating them to fd-based equivalents.
- The article suggests better cross-platform APIs should return opaque handles instead of paths, leveraging FUSE for universal filesystem access.
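The symlink and TOCTOU problem summarized above, shown side by side with the fd-based alternative. This is an added example and not code from the article, from libglnx or from Flatpak: `open_beneath` is a hypothetical helper that walks a relative path one component at a time with openat(), O_NOFOLLOW and O_PATH, refusing `..` and absolute paths, and the directory tree it operates on (with a planted `escape -> ../../outside.txt` symlink) is constructed by the example itself under /tmp. It assumes Linux (O_PATH).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000 /* Linux x86/arm64 value, normally exposed by <fcntl.h> under _GNU_SOURCE */
#endif
/* Hypothetical helper for this example (not libglnx's or Flatpak's API): open `relpath` relative to
 * `rootfd` one component at a time, never following a symlink and never climbing above `rootfd`.
 * Each openat() acts on the fd from the previous step, so no rename or symlink swap can redirect it. */
static int open_beneath(int rootfd, const char *relpath, int flags)
{
    if (relpath[0] == '/') { errno = EINVAL; return -1; } /* absolute: would bypass rootfd */
    char *copy = strdup(relpath), *save = NULL;
    int cur = copy ? fcntl(rootfd, F_DUPFD_CLOEXEC, 0) : -1, err = 0;
    for (char *comp = cur < 0 ? NULL : strtok_r(copy, "/", &save), *next; comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, ".") == 0) continue;
        if (strcmp(comp, "..") == 0) { err = EXDEV; break; } /* could leave root: refuse */
        int fd = next /* intermediate: must be a real directory; a symlink gives ENOTDIR */
            ? openat(cur, comp, O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)
            : openat(cur, comp, flags | O_NOFOLLOW | O_CLOEXEC); /* final: symlink gives ELOOP */
        if (fd < 0) { err = errno; break; }
        close(cur); cur = fd;
    }
    free(copy);
    if (err) { close(cur); errno = err; return -1; }
    return cur;
}

/* Constructed fixture (created once under mkdtemp): <top>/outside.txt holds "outside",
 * <top>/root/data/secret.txt holds "inside", <top>/root/data/escape -> ../../outside.txt */
static int write_file(int dirfd, const char *name, const char *text)
{
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    ssize_t w = fd < 0 ? -1 : write(fd, text, strlen(text));
    if (fd >= 0) close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}

const char *fixture_top(void)
{
    static char top[] = "/tmp/open_beneath.XXXXXX"; static int ready = 0;
    if (ready) return top;
    int topfd = mkdtemp(top) ? open(top, O_PATH | O_DIRECTORY | O_CLOEXEC) : -1;
    if (topfd < 0) return NULL;
    ready = write_file(topfd, "outside.txt", "outside") == 0
         && mkdirat(topfd, "root", 0700) == 0
         && mkdirat(topfd, "root/data", 0700) == 0
         && write_file(topfd, "root/data/secret.txt", "inside") == 0
         && symlinkat("../../outside.txt", topfd, "root/data/escape") == 0; /* the planted link */
    close(topfd);
    return ready ? top : NULL;
}

char last_text[32]; /* contents read by the last successful naive_open()/safe_open() */
static int slurp(int fd) /* read fd into last_text and close it; returns 0 or errno */
{
    ssize_t r = read(fd, last_text, sizeof last_text - 1);
    int e = r < 0 ? errno : 0;
    close(fd);
    if (!e) last_text[r] = '\0';
    return e;
}

/* Path-string open of "<top>/<rel>", as a privileged helper must not do it: every symlink is followed. */
int naive_open(const char *rel)
{
    const char *top = fixture_top();
    char path[256];
    if (!top) return EIO;
    snprintf(path, sizeof path, "%s/%s", top, rel);
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    return fd < 0 ? errno : slurp(fd);
}

/* Same request as an fd walk beneath <top>/root: 0 on success (text in last_text), else errno. */
int safe_open(const char *rel)
{
    const char *top = fixture_top();
    char path[256];
    if (!top) return EIO;
    snprintf(path, sizeof path, "%s/root", top);
    int rootfd = open(path, O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (rootfd < 0) return errno;
    int fd = open_beneath(rootfd, rel, O_RDONLY), e = fd < 0 ? errno : 0;
    close(rootfd);
    return e ? e : slurp(fd);
}

int main(void)
{
    printf("path open of root/data/escape: %d, read \"%s\"\n", naive_open("root/data/escape"), last_text);
    printf("fd walk of data/escape: %d (ELOOP is %d)\n", safe_open("data/escape"), ELOOP);
    printf("fd walk of ../outside.txt: %d (EXDEV is %d)\n", safe_open("../outside.txt"), EXDEV);
    printf("fd walk of data/secret.txt: %d, read \"%s\"\n", safe_open("data/secret.txt"), last_text);
}
```

Built with `cc -o open_beneath open_beneath.c`, the path-based open happily returns "outside", which is exactly the symlink escape a less privileged party would plant for a privileged helper, while the fd walk fails with ELOOP on the symlink, EXDEV on `..`, and still reads `data/secret.txt` normally. Two caveats a reviewer would raise: the walk does not stop at mount points, so a bind mount placed beneath the root still leads elsewhere, and on Linux 5.6 or later the same policy is available in a single syscall through openat2() with RESOLVE_BENEATH | RESOLVE_NO_SYMLINKS (plus RESOLVE_NO_XDEV for the mount case). The fixture directory is left under /tmp for inspection.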