Skip to content

Add support for Linux openat2 syscall to os.open #141878

New issue
New issue
Closed as not planned
Closed as not planned
Add support for Linux openat2 syscall to os.open#141878
Labels
extension-modulesC modules in the Modules dirpendingThe issue will be closed if no feedback is providedtype-featureA feature request or enhancement
@abacabadabacaba

Description

@abacabadabacaba
abacabadabacaba
opened on Nov 23, 2025

Feature or enhancement

Proposal:

I propose to add the functionality of the Linux openat2 syscall to the os.open function. In particular, this includes adding resolve parameter and the associated constants.

This functionality is useful to protect applications against path traversal attacks. In particular, it allows resolving a path without following any symlinks, or while preventing any access outside of the base directory. While some of it can be emulated by resolving the path one component at a time (using dir_fd, O_NOFOLLOW and O_DIRECTORY), doing it securely is tricky. Therefore, exposing the functionality provided by the kernel would be useful.

Has this already been discussed elsewhere?

This is a minor feature, which does not need previous discussion elsewhere

Links to previous discussion of this feature:

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    extension-modulesC modules in the Modules dirpendingThe issue will be closed if no feedback is providedtype-featureA feature request or enhancement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions