dnd kitten: Create regular files with O_EXCL to avoid symlink attacks

This is not really needed, as the terminal emulator should be
de-duplicating directory entries anyway, but there is no harm in defense in depth.
Kovid Goyal
2026-06-03 12:17:38 +05:30
parent 4aa4a5c056
commit 8996aa798c
2 changed files with 7 additions and 1 deletions


@@ -823,7 +823,7 @@ func (dnd *dnd) on_remote_drop_data(cmd DC) (err error) {
e.item_type = cmd.Xp
switch cmd.Xp {
case 0:
f, err := utils.CreateAt(e.base_dir.handle, e.name, 0o666)
f, err := utils.CreateExclusiveAt(e.base_dir.handle, e.name, 0o666)
if err != nil {
return err
}
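Review bot: The error from `utils.CreateExclusiveAt` under `case 0` is returned bare, so a name collision now surfaces as a plain EEXIST with no indication of which entry was involved. A collision at this point means either a duplicate entry in the incoming drop or something already present in the destination directory, and wrapping the error would make that easy to triage, e.g. `return fmt.Errorf("creating dropped file %q: %w", e.name, err)` (assuming `fmt` is imported in this file). The rest of the switch and of on_remote_drop_data lies outside the hunk, so whether the other item types get equivalent exclusive handling cannot be checked from here.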


@@ -79,6 +79,12 @@ func CreateAt(dirFile *os.File, name string, permissions os.FileMode) (*os.File,
return openAt(dirFile, name, unix.O_RDWR|unix.O_CREAT|unix.O_TRUNC, permissions)
}
// CreateExclusiveAt creates a file relative to the directory pointed to by
// dirFile. Fails if a directory entry with the same name already exists.
func CreateExclusiveAt(dirFile *os.File, name string, permissions os.FileMode) (*os.File, error) {
return openAt(dirFile, name, unix.O_RDWR|unix.O_CREAT|unix.O_EXCL, permissions)
}
// Create the specified directory, open it and return the file object. If the
// directory already exists, it is opened and returned, without changing its
// permissions, matching the behavior of CreateAt().
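Review bot: The doc comment on `CreateExclusiveAt` does not state the property this commit relies on: with `O_CREAT|O_EXCL`, an existing symlink at `name` (dangling or not) is not followed and the call fails with EEXIST. I would add `// An existing symlink at name is never followed; the call fails with EEXIST.` and a further line saying that `O_EXCL` only guards the final path component, so `name` should be a single component unless `openAt` already enforces that (its body is not in this hunk). The comment on the directory helper that follows says an existing directory is still opened and reused, so the exclusivity added here covers regular files only; that function's body is also outside the hunk.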