diff --git a/MANIFEST b/MANIFEST
index aaf84d54d..fe247a007 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -280,6 +280,7 @@ lib/util/regress/glob/globtest.c
 lib/util/regress/glob/globtest.in
 lib/util/regress/harness.in
 lib/util/regress/mktemp/mktemp_test.c
+lib/util/regress/open_parent_dir/open_parent_dir_test.c
 lib/util/regress/parse_gids/parse_gids_test.c
 lib/util/regress/progname/progname_test.c
 lib/util/regress/strsig/strsig_test.c
diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in
index f3d44fc0f..90874ee3f 100644
--- a/lib/util/Makefile.in
+++ b/lib/util/Makefile.in
@@ -112,9 +112,9 @@ PVS_LOG_OPTS = -a 'GA:1,2' -e -t errorfile -d $(PVS_IGNORE)
 
 # Regression tests
 TEST_PROGS = conf_test hltq_test parseln_test progname_test \
+	     parse_gids_test getgids getgrouplist_test open_parent_dir_test \
 	     strsplit_test strtobool_test strtoid_test strtomode_test \
-	     strtonum_test parse_gids_test getgids getgrouplist_test \
-	     uuid_test @COMPAT_TEST_PROGS@
+	     strtonum_test uuid_test @COMPAT_TEST_PROGS@
 TEST_LIBS = @LIBS@
 TEST_LDFLAGS = @LDFLAGS@
 TEST_VERBOSE =
@@ -172,6 +172,8 @@ GLOBTEST_OBJS = globtest.lo glob.lo
 
 GETDELIM_TEST_OBJS = getdelim_test.lo getdelim.lo
 
+OPEN_PARENT_DIR_TEST_OBJS = open_parent_dir_test.lo mkdir_parents.lo
+
 STRTOBOOL_TEST_OBJS = strtobool_test.lo strtobool.lo
 
 STRTOMODE_TEST_OBJS = strtomode_test.lo strtomode.lo
@@ -283,6 +285,9 @@ hltq_test: $(HLTQ_TEST_OBJS) libsudo_util.la
 mktemp_test: $(MKTEMP_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(MKTEMP_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
+open_parent_dir_test: $(OPEN_PARENT_DIR_TEST_OBJS) libsudo_util.la
+	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OPEN_PARENT_DIR_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
 parseln_test: $(PARSELN_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(PARSELN_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(HARDENING_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
@@ -455,6 +460,7 @@ check: $(TEST_PROGS) check-fuzzer
 		./strsig_test || rval=`expr $$rval + $$?`; \
 	    fi; \
 	    ./getgrouplist_test || rval=`expr $$rval + $$?`; \
+	    ./open_parent_dir_test || rval=`expr $$rval + $$?`; \
 	    ./strtobool_test || rval=`expr $$rval + $$?`; \
 	    ./strtoid_test || rval=`expr $$rval + $$?`; \
 	    ./strtomode_test || rval=`expr $$rval + $$?`; \
@@ -1115,6 +1121,20 @@ nanosleep.i: $(srcdir)/nanosleep.c $(incdir)/compat/stdbool.h \
 	$(CC) -E -o $@ $(CPPFLAGS) $<
 nanosleep.plog: nanosleep.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/nanosleep.c --i-file $< --output-file $@
+open_parent_dir_test.lo: \
+                         $(srcdir)/regress/open_parent_dir/open_parent_dir_test.c \
+                         $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                         $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                         $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/open_parent_dir/open_parent_dir_test.c
+open_parent_dir_test.i: \
+                         $(srcdir)/regress/open_parent_dir/open_parent_dir_test.c \
+                         $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                         $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                         $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(CC) -E -o $@ $(CPPFLAGS) $<
+open_parent_dir_test.plog: open_parent_dir_test.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/open_parent_dir/open_parent_dir_test.c --i-file $< --output-file $@
 openat.lo: $(srcdir)/openat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/openat.c
 openat.i: $(srcdir)/openat.c $(incdir)/sudo_compat.h $(top_builddir)/config.h
diff --git a/lib/util/regress/open_parent_dir/open_parent_dir_test.c b/lib/util/regress/open_parent_dir/open_parent_dir_test.c
new file mode 100644
index 000000000..95f1a09ed
--- /dev/null
+++ b/lib/util/regress/open_parent_dir/open_parent_dir_test.c
@@ -0,0 +1,166 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define SUDO_ERROR_WRAP 0
+
+#include "sudo_compat.h"
+#include "sudo_fatal.h"
+#include "sudo_util.h"
+
+sudo_dso_public int main(int argc, char *argv[]);
+
+static int errors = 0, ntests = 0;
+
+static int
+run_test(const char *tdir, const char *path, uid_t uid, gid_t gid)
+{
+    char *cp, fullpath[PATH_MAX];
+    struct stat sb1, sb2;
+    int dfd, len;
+    int ret = -1;
+
+    /* Test creating full path. */
+    len = snprintf(fullpath, sizeof(fullpath), "%s/%s", tdir, path);
+    if (len < 0 || len >= ssizeof(fullpath)) {
+	errno = ENAMETOOLONG;
+	sudo_fatal("%s/%s", tdir, path);
+    }
+    ntests++;
+    dfd = sudo_open_parent_dir(fullpath, uid, gid, 0700, false);
+    if (dfd == -1) {
+	errors++;
+	goto done;
+    }
+
+    /* Verify that we only created the parent dir, not full path. */
+    ntests++;
+    if (stat(fullpath, &sb1) == 0) {
+	sudo_warnx("created full path \"%s\", not just parent dir",
+	    fullpath);
+	errors++;
+	goto done;
+    }
+
+    /* Verify that dfd refers to the parent dir. */
+    ntests++;
+    cp = strrchr(fullpath, '/');
+    *cp = '\0';
+    if (stat(fullpath, &sb1) == -1) {
+	sudo_warn("%s", fullpath);
+	errors++;
+	goto done;
+    }
+    if (fstat(dfd, &sb2) == -1) {
+	sudo_warn("%s", fullpath);
+	errors++;
+	goto done;
+    }
+    if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+	sudo_warn("%s: sudo_open_parent_dir fd mismatch", fullpath);
+	errors++;
+	goto done;
+    }
+
+done:
+    if (dfd != -1)
+	close(dfd);
+    return ret;
+}
+
+int
+main(int argc, char *argv[])
+{
+    char tdir[] = "open_parent_dir.XXXXXXXX";
+    int ch, dfd, fd, len;
+    char cmd[1024];
+    uid_t uid;
+    gid_t gid;
+
+    initprogname(argc > 0 ? argv[0] : "open_parent_dir_test");
+
+    while ((ch = getopt(argc, argv, "v")) != -1) {
+	switch (ch) {
+	case 'v':
+	    /* ignore */
+	    break;
+	default:
+	    fprintf(stderr, "usage: %s [-v]\n", getprogname());
+	    return EXIT_FAILURE;
+	}
+    }
+    argc -= optind;
+    argv += optind;
+
+    uid = geteuid();
+    gid = getegid();
+
+    /* All tests relative to tdir. */
+    if (mkdtemp(tdir) == NULL)
+	sudo_fatal("%s", tdir);
+
+    /* Test creating new path. */
+    dfd = run_test(tdir, "level1/level2/level3", uid, gid);
+
+    /* Verify we can create a new file in the new parent dir. */
+    if (dfd != -1) {
+	ntests++;
+	fd = openat(dfd, "testfile", O_WRONLY|O_CREAT|O_EXCL, 0600);
+	if (fd == -1) {
+	    errors++;
+	} else {
+	    close(fd);
+	}
+	close(dfd);
+	dfd = -1;
+    }
+
+    /* Test exiting path when final component exists. */
+    dfd = run_test(tdir, "level1/level2/testfile", uid, gid);
+    if (dfd != -1) {
+	unlinkat(dfd, "testfile", 0);
+	close(dfd);
+    }
+
+    /* Test exiting path when final component doesn't exist. */
+    dfd = run_test(tdir, "level1/level2/testfile", uid, gid);
+    if (dfd != -1)
+	close(dfd);
+
+    /* Cleanup */
+    len = snprintf(cmd, sizeof(cmd), "rm -rf \"%s\"", tdir);
+    if (len < 0 || len >= ssizeof(cmd)) {
+	errno = ENAMETOOLONG;
+	sudo_fatalx("rm -rf %s", tdir);
+    }
+    ignore_result(system(cmd));
+
+    if (ntests != 0) {
+	printf("%s: %d tests run, %d errors, %d%% success rate\n",
+	    getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+    }
+    return errors;
+}