From b72a6a7b868deb5b671020c08fbf8d61ad8803d4 Mon Sep 17 00:00:00 2001
From: Dan Kortschak <dan@kortschak.io>
Date: Fri, 3 Jun 2022 20:51:26 +0930
Subject: [PATCH] os: document that Chdir affects fs.FS returned by DirFS with
 a relative path

Fixes #47214.

Change-Id: I6fdc1c4340c0943b825ac22e311179ad1cf30915
Reviewed-on: https://go-review.googlesource.com/c/go/+/410334
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 src/os/file.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/os/file.go b/src/os/file.go
index ab017d4af7..9f388921ae 100644
--- a/src/os/file.go
+++ b/src/os/file.go
@@ -620,8 +620,10 @@ func isWindowsNulName(name string) bool {
 // operating system will begin with "/prefix": DirFS("/prefix").Open("file") is the
 // same as os.Open("/prefix/file"). So if /prefix/file is a symbolic link pointing outside
 // the /prefix tree, then using DirFS does not stop the access any more than using
-// os.Open does. DirFS is therefore not a general substitute for a chroot-style security
-// mechanism when the directory tree contains arbitrary content.
+// os.Open does. Additionally, the root of the fs.FS returned for a relative path,
+// DirFS("prefix"), will be affected by later calls to Chdir. DirFS is therefore not
+// a general substitute for a chroot-style security mechanism when the directory tree
+// contains arbitrary content.
 //
 // The result implements fs.StatFS.
 func DirFS(dir string) fs.FS {
-- 
2.48.1