From: "Theo de Raadt"
Subject: Re: openat(2) is mostly useless, sadly
To: "H. Hartzer"
Cc: tech@openbsd.org
Date: Fri, 30 May 2025 12:24:46 -0600

> > RCS file: /cvs/src/sys/sys/fcntl.h,v > > diff -u -p -u -r1.22 fcntl.h > > --- sys/sys/fcntl.h 21 Jan 2019 18:09:21 -0000 1.22 > > +++ sys/sys/fcntl.h 24 May 2025 00:33:56 -0000
> > @@ -84,6 +84,7 @@ > > #define O_ASYNC 0x0040 /* signal pgrp when data ready */ > > #define O_FSYNC 0x0080 /* backwards compatibility */ > > #define O_NOFOLLOW 0x0100 /* if path is a symlink, don't follow */ > > +#define O_BELOW 0x40000 /* openat(2) cannot open above */
>
> I wanted to point out that the language can be confusing of "above",
> "below", etc. Now it may be that this is named as appropriately as it
> can be, but while I was reading my instinct was that "below" meant a
> child directory, rather than a parent. I think there may be some
> confusion over the semantics.

There is no real confusion here.

There are 3 places you can reach with an *at() call.

    below
    "." (meaning the directory itself)
    above

The middle case is possible by doing

    dotfd = openat(dirfd, ".", O_DIRECTORY)

But this is very obscure. It is not a dup(), either. It's something
different. But no one will do this.

O_BELOW allows the opening of ".", and other things below. In truth
what it doesn't allow is "above". I've not found a way to say this,
without using O_NOTABOVE which is a name I'm not going to use because
the world ain't needing no more double negatives.

> O_BELOW also sounds somewhat like it allows below, but not only below.
> Maybe O_ONLYBELOW?

No. Does O_CREAT do more than creat? Damn those stupid old Unix farts
why didn't they call it O_ONLYCREAT to make this more clear...

> Another possibility might be something like O_CHROOT,
> which is a familiar and similar term, though might add other confusion.

Inside a chroot, '/' refers to the base of the chroot. O_BELOW is NOT
chroot, because it does not allow absolute paths at all. It is not the
same. I explained this, but you didn't read.

> I think that ascend/descend might be somewhat more intuitive terms.
> Perhaps O_DESCEND, or O_ONLYDESCEND.

No, because that solves nothing. I think you are going out of your way
to confuse yourself, and I'm not going to get dragged into it.
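
Review bot: on the added "+#define O_BELOW 0x40000" line in the fcntl.h hunk, the comment "openat(2) cannot open above" does not say above what, and it leaves out that absolute paths are refused, which the reply in this thread gives as the difference from chroot. A comment along the lines of "openat(2): no absolute paths, nothing above dirfd" would record both points where the flag is defined, and would answer the naming questions raised in the thread without renaming the flag.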
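
The three cases from the mail (below, ".", above) together with the absolute-path rule, as an added example that is not code from the thread or from OpenBSD: a purely lexical userland classifier. `classify_at_path`, `stays_at_or_below` and the `TGT_*` names are hypothetical; symlinks are not resolved, and a path that dips above the start at any point is counted as above (an assumption).

```c
#include <stdio.h>
#include <string.h>

/* Where a relative path lands with respect to the starting directory. */
enum target { TGT_BELOW, TGT_DIR, TGT_ABOVE, TGT_ABSOLUTE, TGT_EMPTY };

/*
 * Hypothetical helper, not an OpenBSD API. Lexical walk only: symlinks are
 * not resolved. Assumption: a path that dips above the start at any point
 * is "above", even if later components come back down.
 */
enum target classify_at_path(const char *path)
{
	const char *p = path;
	long depth = 0;

	if (*p == '\0')
		return TGT_EMPTY;
	if (*p == '/')
		return TGT_ABSOLUTE;	/* absolute paths are refused outright */
	while (*p != '\0') {
		size_t len = strcspn(p, "/");	/* length of this component */
		if (len == 2 && p[0] == '.' && p[1] == '.') {
			if (--depth < 0)
				return TGT_ABOVE;
		} else if (!(len == 1 && p[0] == '.')) {
			depth++;	/* ordinary name: one level down */
		}
		p += len;
		p += strspn(p, "/");	/* skip a run of separators */
	}
	return depth == 0 ? TGT_DIR : TGT_BELOW;
}

/* Nonzero for the set the mail says O_BELOW allows: "." and things below. */
int stays_at_or_below(const char *path)
{
	enum target t = classify_at_path(path);
	return t == TGT_BELOW || t == TGT_DIR;
}

int main(void)
{
	/* Constructed sample paths, one per case discussed in the mail. */
	const char *samples[] = { "etc/passwd", ".", "a/..", "../x", "a/../../b", "/etc" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-10s -> %d\n", samples[i], stays_at_or_below(samples[i]));
	return 0;
}
```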