From c8e781f6e0362164e10f809779e5fbb51d7439aa Mon Sep 17 00:00:00 2001 From: Pawel Jakub Dawidek Date: Thu, 27 Sep 2012 16:43:23 +0000 Subject: [PATCH] Revert r240931, as the previous comment was actually in sync with POSIX. I have to note that POSIX is simply stupid in how it describes O_EXEC/fexecve and friends. Yes, not only inconsistent, but stupid. In the open(2) description, O_RDONLY flag is described as: O_RDONLY Open for reading only. Taken from: http://pubs.opengroup.org/onlinepubs/9699919799/functions/open.html Note "for reading only". Not "for reading or executing"! In the fexecve(2) description you can find: The fexecve() function shall fail if: [EBADF] The fd argument is not a valid file descriptor open for executing. Taken from: http://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html As you can see the function shall fail if the file was not open with O_EXEC! And yet, if you look closer you can find this mess in the exec.html: Since execute permission is checked by fexecve(), the file description fd need not have been opened with the O_EXEC flag. Yes, O_EXEC flag doesn't have to be specified after all. You can open a file with O_RDONLY and you still be able to fexecve(2) it. --- sys/kern/kern_exec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 20a9b8176c2..90f7311b820 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -441,10 +441,10 @@ interpret: } else { AUDIT_ARG_FD(args->fd); /* - * Some might argue that CAP_MMAP should also be required here; - * such arguments will be entertained. + * Some might argue that CAP_READ and/or CAP_MMAP should also + * be required here; such arguments will be entertained. * - * Descriptors opened only with O_EXEC are allowed. + * Descriptors opened only with O_EXEC or O_RDONLY are allowed. */ error = fgetvp_exec(td, args->fd, CAP_FEXECVE, &binvp); if (error)