From 6e89121103489351b88aa014b934792f6130ff1e Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes <tadryanom@hotmail.com>
Date: Tue, 26 May 2026 02:19:02 -0300
Subject: [PATCH] security: implement O_NOFOLLOW -ELOOP return (Fase 3)

---
 src/kernel/syscall.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index f0f45fe3..d62ba309 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -2351,6 +2351,10 @@ static int syscall_open_impl(const char* user_path, uint32_t flags) {
     fs_node_t* node;
     if (flags & 0x20000) { /* O_NOFOLLOW */
         node = vfs_lookup_nofollow(path);
+        /* If O_NOFOLLOW is set and the final component is a symlink, return -ELOOP */
+        if (node && node->flags == FS_SYMLINK) {
+            return -ELOOP;
+        }
     } else {
         node = vfs_lookup(path);
     }
-- 
2.43.0