We have sqFileOpenNew() in newer VMs (it's unused in the image though), but it uses a boolean flag parameter to distinguish between failure caused by the file existing and all other causes,
This sounds like an incomplete past attempt to fix this (or a related) security hole. Starting to use this primitive instead could be a good short-term fix.
and I'd rather have a set of FilePlugin error codes, which could be mapped to file exceptions in the image, to provide better info for why a file operation failed, and also to fix certain file methods I've seen that just assume a particular reason for a failure.
>From a security perspective, I like this solution even better. Developer visibility into errors is almost always helpful.