mkhtemp: use O_NOFOLLOW in same_dir

we have a policy: symlinks do not exist. Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-28 09:16:05 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-28 09:16:05 +0000
commit: 16bc9feda8e793fd74b1d8131b01a18d212acb9f (patch)
tree: c8bc34a08469522fb6f65e2bc8ee6370c0236452 /util/libreboot-utils/lib/mkhtemp.c
parent: 93ecd26306532dd9b139aaaa25f50444716e35af (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/util/libreboot-utils/lib/mkhtemp.c b/util/libreboot-utils/lib/mkhtemp.c
index dda5eed4..532d93c7 100644
--- a/util/libreboot-utils/lib/mkhtemp.c
+++ b/util/libreboot-utils/lib/mkhtemp.c
@@ -327,11 +327,11 @@ same_dir(const char *a, const char *b)
 	if (rval_scmp == 0)
 		goto success_same_dir;
 
-	fd_a = fs_open(a, O_RDONLY | O_DIRECTORY);
+	fd_a = fs_open(a, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
 	if (fd_a < 0)
 		goto err_same_dir;
 
-	fd_b = fs_open(b, O_RDONLY | O_DIRECTORY);
+	fd_b = fs_open(b, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
 	if (fd_b < 0)
 		goto err_same_dir;
 
@@ -906,6 +906,8 @@ int secure_file(int *fd,
 		if (lock_file(*fd, flags) == -1)
 			goto err_demons;
 
+		/* TODO: why would this be NULL? audit
+		 * to find out. we should always verify! */
 		if (expected != NULL)
 			if (fd_verify_identity(*fd, expected, &st_now) < 0)
 				goto err_demons;
author	Leah Rowe <leah@libreboot.org>	2026-03-28 09:16:05 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-28 09:16:05 +0000
commit	16bc9feda8e793fd74b1d8131b01a18d212acb9f (patch)
tree	c8bc34a08469522fb6f65e2bc8ee6370c0236452 /util/libreboot-utils/lib/mkhtemp.c
parent	93ecd26306532dd9b139aaaa25f50444716e35af (diff)