So I gave (2) by creating a symlink in a folder that a particular profile was could access to a file in folder it didn't have access to. The query_file utility attached to this bug said I was allowed access to the symlink.
So I think we need a bit more guidance on how to use this interface safely. I guess a call to realpath() could help with the symlink issue, but the issue of races if we're separating the access check from the use of the resource. Do we just decide that this isn't a problem worth solving, or is there some other way to use this API that I'm not seeing?
So I gave (2) by creating a symlink in a folder that a particular profile was could access to a file in folder it didn't have access to. The query_file utility attached to this bug said I was allowed access to the symlink.
So I think we need a bit more guidance on how to use this interface safely. I guess a call to realpath() could help with the symlink issue, but the issue of races if we're separating the access check from the use of the resource. Do we just decide that this isn't a problem worth solving, or is there some other way to use this API that I'm not seeing?