Reject when O_NOFOLLOW would have refused

Challenge

Implement int can_open_path_safely(const char *path, int last_is_symlink, int has_traversal).

Return 1 (safe) only if:

• last_is_symlink == 0 (the final component is NOT a symlink), AND
• has_traversal == 0 (no .. segments).

Else return 0 (refused).

This models the result of using openat + O_NOFOLLOW after a path-traversal pre-check.

Why this matters

openat(dirfd, name, O_NOFOLLOW) returns ELOOP when the path is a symlink. Encoding that in a small policy lets you reason about the defence without a real filesystem.

Input format

path + two boolean flags from prior checks.

Output format

0/1.

Constraints

Pure boolean logic.

Starter code

int can_open_path_safely(const char *path, int last_is_symlink, int has_traversal) { /* TODO */ (void)path; (void)last_is_symlink; (void)has_traversal; return 0; }

Common mistakes

Returning 1 even when traversal is detected.

Edge cases to handle

NULL path. Both flags set.

Complexity

O(1).

Background lessons

• Symlink attacks and how to refuse them
• TOCTOU — time-of-check vs time-of-use races

Up next

• Validate that a mkstemp template ends with at least 6 X's
• Detect path-traversal patterns in a string