Abhishekmishra2808 opened a new pull request, #19122:
URL: https://github.com/apache/nuttx/pull/19122

   *Note: Please adhere to [Contributing 
Guidelines](https://github.com/apache/nuttx/blob/master/CONTRIBUTING.md).*
   
   ## Summary
   
   Adds a pre-load permission check in exec_internal() to verify the calling 
task has the required execute (x) bits for the target file. Properly evaluates 
root (euid == 0), owner, group, and other permissions. This ensures POSIX 
compliance and cleanly rejects unauthorized files with -EACCES before they 
reach the ELF loader, preventing unnecessary memory allocation and downstream 
hardware execution faults.
   
   
   ## Impact
   
   Brings the binfmt subsystem into stricter adherence with standard POSIX 
execution semantics.
   
   ## Testing
   
   Hardware: ESP32-C3 SuperMini
   Configuration: esp32c3-devkit:usbconsole
   Enabled Flags: CONFIG_ELF, CONFIG_FS_ROMFS, CONFIG_SCHED_USER_IDENTITY, 
CONFIG_FS_PERMISSION
   
   Methodology:
   Compiled ELF binaries were embedded into a ROMFS image to guarantee static, 
immutable file permissions during the test. The tests verify that 
exec_internal() correctly evaluates the POSIX mode before handing the file off 
to the ELF loader.
   
   ### Test A: Execution Denied (Mode 0444)
   - Setup: ROMFS ELF embedded with -r--r--r-- permissions.
   - Result: The pre-load check successfully intercepts the call. It evaluates 
the mode, denies execution, and cleanly returns -EACCES. The system remains 
entirely stable with no memory allocated.
   
   <img width="865" height="647" alt="image" src="https://github.com/user-attachments/assets/f0de0add-6a76-44d3-b43f-edb6446cf0f3" />
   
   
   ### Test B: Execution Allowed (Mode 0555)
   
   - Setup: ROMFS ELF embedded with -r-xr-xr-x permissions.
   - Result: The pre-load check successfully validates the x bits and allows 
the execution to proceed to the ELF loader.
   <img width="855" height="702" alt="image" src="https://github.com/user-attachments/assets/47da6bbc-ffec-4d92-92af-0b79ba6d2999" />
   
   
   Note on ESP32-C3 Hardware limitation: As shown in the trace, the execution 
successfully passes the permission gate (ALLOWED (root)), but then triggers an 
Instruction access fault. This is a known, separate ESP32-C3 platform 
limitation where the ELF loader currently allocates text segments to 
non-executable DRAM.  (https://github.com/apache/nuttx/issues/19120)
   
   The crash confirms that the software permission gate successfully opened and 
handed the file to the loader.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.