Tracking Issue for directory handles · Issue #120426 · rust-lang/rust

Feature gate: #![feature(dirfd)]

This is a tracking issue for directory handles. Such handles provide a stable reference to an underlying filesystem object (typically directories) that are less vulnerable to TOCTOU attacks and similar races. These security properties will be platform-dependent. Platforms that don't provide the necessary primitives will fall back to operations on absolute paths.

Additionally they may also provide performance benefits by avoiding repeated path lookups when performing many operations on a directory.

Sandboxing is a non-goal. If a platform supports upwards path traversal via .. or symlinks then directory handles will not prevent that. Providing O_BENEATH-style traversal is left to 3rd-party crates or future extensions.

Public API

impl Dir {
    pub fn open<P: AsRef<Path>>(&self, path: P) -> Result<File>
    /// This could be put on OpenOptions instead
    pub fn open_with<P: AsRef<Path>>(&self, path: P, options: &OpenOptions) -> Result<File>
    pub fn create_dir<P: AsRef<Path>>(&self, path: P) -> Result<()>
    pub fn rename<P: AsRef<Path>, Q: AsRef<Path>>(&self, from: P, to_dir: &Self, to: Q) -> Result<()>
    pub fn remove_file<P: AsRef<Path>>(&self, path: P) -> Result<()>
    pub fn remove_dir<P: AsRef<Path>>(&self, path: P) -> Result<()>
    pub fn symlink<P: AsRef<Path>, Q: AsRef<Path>>(&self, original: P, link: Q)

    /// ... more convenience methods
}

impl DirEntry {
    pub fn open(&self) -> Result<File>
    /// This could be put on OpenOptions instead
    pub fn open_with(&self, options: &OpenOptions) -> Result<File>
    pub fn remove_file(&self) -> Result<()>
    pub fn remove_dir(&self) -> Result<()>
}

Steps / History

Unresolved Questions
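
The difference the issue describes between re-resolving a path and operating through a directory handle, as an added example that is not part of the issue or of the proposed `Dir` API: it calls POSIX `openat(2)` through FFI on stable Rust (Unix only). The helper names `open_in`, `read_all` and `demo`, the directory layout and the file contents are constructed for illustration.

```rust
use std::ffi::CString;
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::raw::{c_char, c_int};
use std::os::unix::{fs::symlink, io::{AsRawFd, FromRawFd}};
use std::path::Path;

extern "C" {
    // POSIX openat(2), resolved from the libc that std already links on Unix.
    fn openat(dirfd: c_int, path: *const c_char, flags: c_int, ...) -> c_int;
}

/// Open `name` read-only relative to an open directory handle (O_RDONLY is 0).
fn open_in(dir: &File, name: &str) -> io::Result<File> {
    let c = CString::new(name)?;
    let fd = unsafe { openat(dir.as_raw_fd(), c.as_ptr(), 0) };
    if fd < 0 { return Err(io::Error::last_os_error()); }
    Ok(unsafe { File::from_raw_fd(fd) })
}

fn read_all(mut f: File) -> io::Result<String> {
    let mut s = String::new();
    f.read_to_string(&mut s)?;
    Ok(s)
}

/// Repoints the symlink `cur` between "check" and "use", then returns
/// (content via re-resolved path, content via the directory handle).
fn demo(base: &Path) -> io::Result<(String, String)> {
    for (d, body) in [("a", "trusted"), ("b", "swapped")] {
        fs::create_dir_all(base.join(d))?;
        fs::write(base.join(d).join("data"), body)?; // constructed sample data
    }
    let cur = base.join("cur");
    symlink("a", &cur)?;
    let dir = File::open(&cur)?; // check: resolve the path once, keep the handle
    fs::remove_file(&cur)?; // stands in for a concurrent actor swapping the link
    symlink("b", &cur)?;
    let by_path = read_all(File::open(cur.join("data"))?)?; // resolved again
    let by_handle = read_all(open_in(&dir, "data")?)?; // still directory `a`
    Ok((by_path, by_handle))
}

fn main() -> io::Result<()> {
    let base = std::env::temp_dir().join(format!("dirfd_demo_{}", std::process::id()));
    let (by_path, by_handle) = demo(&base)?;
    println!("path: {}, handle: {}", by_path, by_handle);
    fs::remove_dir_all(&base)
}
```

The handle pins the directory itself, not the name passed to `open_in`: consistent with the sandboxing non-goal above, a `..` component or a symlink inside that name is still followed.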
