Hello Maxime,

> * Use O_NOFOLLOW to *not* follow the symbolic link.
> Patch for adding O_NOFOLLOW to guile:

According to the man pages for the O_NOFOLLOW:

> If the trailing component (i.e., basename) of *pathname* is
> a symbolic link, then the open fails, with the error
> *ELOOP*. Symbolic links in earlier components of the
> pathname will still be followed.

Sounds like O_NOFOLLOW would not fix the issue if the symlink is found in other parts of the pathname outside of the basename?

Regards,
Kostyantyn Kovalskyy

On Sun, Mar 28, 2021 at 7:18 AM wrote:

> On Sat, Mar 27, 2021 at 10:19:20PM +0100, Maxime Devos wrote:
> > Hi,
> >
> > [CC'ing some Guile and Guix maintainers because this is
> > important for the security of Guix System.]
>
> [snipped CC, since my answer is just a thankyou]
>
> > I want to explain why these patches (and the O_FLAGS (*)
> > patch) should be included in Guile [...]
>
> *THANK YOU*
>
> This from someone striving to make Guile the "default tool for
> around the house".
>
> Cheers
> - t
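
The behaviour described in the quoted man page text, as an added example that is not part of the original thread: it opens the same regular file with `O_NOFOLLOW` once through a symlinked directory component and once through a symlink in the basename. The directory layout and the names `real`, `link`, `file` and `flink` are constructed for illustration; it assumes Linux (`ELOOP`) and a writable `/tmp`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed layout inside a fresh temporary directory:
 *   real/file            regular file
 *   link -> real         symlink used as a directory component
 *   real/flink -> file   symlink used as the final component (basename)
 * which == 0 opens "link/file", which == 1 opens "real/flink".
 * Returns 0 if the open succeeded, the errno if it failed,
 * or -1 if the layout could not be created. */
int nofollow_result(int which)
{
    char dir[] = "/tmp/nofollow-XXXXXX";
    int d, fd = -1, rc = -1;

    if (!mkdtemp(dir) || (d = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    if (mkdirat(d, "real", 0700) == 0 &&
        (fd = openat(d, "real/file", O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0 &&
        symlinkat("real", d, "link") == 0 &&
        symlinkat("file", d, "real/flink") == 0) {
        close(fd);
        /* O_NOFOLLOW only inspects the last path component. */
        fd = openat(d, which ? "real/flink" : "link/file",
                    O_RDONLY | O_NOFOLLOW);
        rc = fd < 0 ? errno : 0;
    }
    if (fd >= 0)
        close(fd);
    /* Remove the constructed layout again. */
    unlinkat(d, "real/flink", 0);
    unlinkat(d, "link", 0);
    unlinkat(d, "real/file", 0);
    unlinkat(d, "real", AT_REMOVEDIR);
    close(d);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int a = nofollow_result(0), b = nofollow_result(1);
    printf("link/file  (symlink in directory part): %s\n", a ? strerror(a) : "opened");
    printf("real/flink (symlink is the basename):   %s\n", b ? strerror(b) : "opened");
    return 0;
}
```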