Date: Thu, 27 Sep 2012 16:43:24 +0000 (UTC) From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r241000 - head/sys/kern Message-ID: <201209271643.q8RGhOAP055026@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pjd Date: Thu Sep 27 16:43:23 2012 New Revision: 241000 URL: http://svn.freebsd.org/changeset/base/241000 Log: Revert r240931, as the previous comment was actually in sync with POSIX. I have to note that POSIX is simply stupid in how it describes O_EXEC/fexecve and friends. Yes, not only inconsistent, but stupid. In the open(2) description, O_RDONLY flag is described as: O_RDONLY Open for reading only. Taken from: http://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html Note "for reading only". Not "for reading or executing"! In the fexecve(2) description you can find: The fexecve() function shall fail if: [EBADF] The fd argument is not a valid file descriptor open for executing. Taken from: http://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html As you can see the function shall fail if the file was not open with O_EXEC! And yet, if you look closer you can find this mess in the exec.html: Since execute permission is checked by fexecve(), the file description fd need not have been opened with the O_EXEC flag. Yes, O_EXEC flag doesn't have to be specified after all. You can open a file with O_RDONLY and you still be able to fexecve(2) it. Modified: head/sys/kern/kern_exec.c Modified: head/sys/kern/kern_exec.c ============================================================================== --- head/sys/kern/kern_exec.c Thu Sep 27 15:45:24 2012 (r240999) +++ head/sys/kern/kern_exec.c Thu Sep 27 16:43:23 2012 (r241000) @@ -441,10 +441,10 @@ interpret: } else { AUDIT_ARG_FD(args->fd); /* - * Some might argue that CAP_MMAP should also be required here; - * such arguments will be entertained. + * Some might argue that CAP_READ and/or CAP_MMAP should also + * be required here; such arguments will be entertained. * - * Descriptors opened only with O_EXEC are allowed. + * Descriptors opened only with O_EXEC or O_RDONLY are allowed. */ error = fgetvp_exec(td, args->fd, CAP_FEXECVE, &binvp); if (error)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209271643.q8RGhOAP055026>