Date:      Thu, 27 Sep 2012 16:43:24 +0000 (UTC)
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r241000 - head/sys/kern
Message-ID:  <201209271643.q8RGhOAP055026@svn.freebsd.org>

Author: pjd
Date: Thu Sep 27 16:43:23 2012
New Revision: 241000
URL: http://svn.freebsd.org/changeset/base/241000

Log:
  Revert r240931, as the previous comment was actually in sync with POSIX.
  
  I have to note that POSIX is simply stupid in how it describes O_EXEC/fexecve
  and friends. Yes, not only inconsistent, but stupid.
  
  In the open(2) description, O_RDONLY flag is described as:
  
  	O_RDONLY	Open for reading only.
  
  Taken from:
  
  	http://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html
  
  Note "for reading only". Not "for reading or executing"!
  
  In the fexecve(2) description you can find:
  
  	The fexecve() function shall fail if:
  
  	[EBADF]
  		The fd argument is not a valid file descriptor open for executing.
  
  Taken from:
  
  	http://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
  
  As you can see the function shall fail if the file was not open with O_EXEC!
  
  And yet, if you look closer you can find this mess in the exec.html:
  
  	Since execute permission is checked by fexecve(), the file description
  	fd need not have been opened with the O_EXEC flag.
  
  Yes, O_EXEC flag doesn't have to be specified after all. You can open a file
  with O_RDONLY and you will still be able to fexecve(2) it.

Modified:
  head/sys/kern/kern_exec.c

Modified: head/sys/kern/kern_exec.c
==============================================================================
--- head/sys/kern/kern_exec.c	Thu Sep 27 15:45:24 2012	(r240999)
+++ head/sys/kern/kern_exec.c	Thu Sep 27 16:43:23 2012	(r241000)
@@ -441,10 +441,10 @@ interpret:
 	} else {
 		AUDIT_ARG_FD(args->fd);
 		/*
-		 * Some might argue that CAP_MMAP should also be required here;
-		 * such arguments will be entertained.
+		 * Some might argue that CAP_READ and/or CAP_MMAP should also
+		 * be required here; such arguments will be entertained.
 		 *
-		 * Descriptors opened only with O_EXEC are allowed.
+		 * Descriptors opened only with O_EXEC or O_RDONLY are allowed.
 		 */
 		error = fgetvp_exec(td, args->fd, CAP_FEXECVE, &binvp);
 		if (error)
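
Review bot: The restored comment line "Descriptors opened only with O_EXEC or O_RDONLY are allowed." states the policy without its justification, and this comment has already been changed and reverted once (r240931). Suggest adding one sentence to the comment saying that POSIX permits fexecve() on a descriptor not opened with O_EXEC because execute permission is checked by fexecve() itself, so the next reader does not tighten it again. Separately, the call below requests only CAP_FEXECVE from fgetvp_exec(), and the open-mode restriction (O_EXEC or O_RDONLY) is not visible at this call site; the comment should name where that check is enforced so the capability right and the open-mode rule can be audited together.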


