From 03bf604fc08abc9bb2d75bde21c96c9df4894a3b Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Tue, 5 Dec 2017 23:31:07 +0100
Subject: [PATCH] syscallcompat: OpenNofollow: use O_DIRECTORY flag

...when opening intermedia directories to give us an
extra layer of safety.

From the FreeBSD man page:

     This flag can be used to prevent applications with elevated
     privileges from opening files which are even unsafe to open with O_RDONLY,
     such as device nodes.
---
 internal/syscallcompat/open_nofollow.go      | 6 +++---
 internal/syscallcompat/open_nofollow_test.go | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/internal/syscallcompat/open_nofollow.go b/internal/syscallcompat/open_nofollow.go
index 1afa54c..4f75bd6 100644
--- a/internal/syscallcompat/open_nofollow.go
+++ b/internal/syscallcompat/open_nofollow.go
@@ -22,8 +22,8 @@ func OpenNofollow(baseDir string, relPath string, flags int, mode uint32) (fd in
 		tlog.Warn.Printf("BUG: OpenNofollow called with absolute relPath=%q", relPath)
 		return -1, syscall.EINVAL
 	}
-	// Open the base dir
-	dirfd, err := syscall.Open(baseDir, syscall.O_RDONLY, 0)
+	// Open the base dir (following symlinks)
+	dirfd, err := syscall.Open(baseDir, syscall.O_RDONLY|syscall.O_DIRECTORY, 0)
 	if err != nil {
 		return -1, err
 	}
@@ -39,7 +39,7 @@ func OpenNofollow(baseDir string, relPath string, flags int, mode uint32) (fd in
 	// Walk intermediate directories
 	var dirfd2 int
 	for _, name := range dirs {
-		dirfd2, err = Openat(dirfd, name, syscall.O_RDONLY|syscall.O_NOFOLLOW, 0)
+		dirfd2, err = Openat(dirfd, name, syscall.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_DIRECTORY, 0)
 		syscall.Close(dirfd)
 		if err != nil {
 			return -1, err
diff --git a/internal/syscallcompat/open_nofollow_test.go b/internal/syscallcompat/open_nofollow_test.go
index 37ea76b..1f21557 100644
--- a/internal/syscallcompat/open_nofollow_test.go
+++ b/internal/syscallcompat/open_nofollow_test.go
@@ -31,8 +31,8 @@ func TestOpenNofollow(t *testing.T) {
 	if err == nil {
 		t.Fatalf("should have failed")
 	}
-	if err != syscall.ELOOP {
-		t.Errorf("expected ELOOP, got %v", err)
+	if err != syscall.ELOOP && err != syscall.ENOTDIR {
+		t.Errorf("expected ELOOP or ENOTDIR, got %v", err)
 	}
 	// Check to see that the base dir can be opened as well
 	fd, err = OpenNofollow(tmpDir, "", syscall.O_RDONLY, 0)