Consider using the three argument form of open. This will prevent the user from including characters in filename that can effect what open() does (e.g. '-' or a numerical file descriptor).