> On Sep 10, 2019, at 8:31 PM, Kamil Rytarowski <[email protected]> wrote:
>
> I don't know. I was looking for a corner case when we would skip this
> cache of O_EXEC on fexecve().
>
> POSIX states:
>
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
>
> 'Since execute permission is checked by fexecve(), the file description
> fd need not have been opened with the O_EXEC flag. '

Right, I understand that O_EXEC is there for binaries that are "-r-x--x--x" and you're just some random "other" user that wants to exec the file. Obviously you have to be able to open it to get a descriptor, so O_EXEC is there for this case ... such a descriptor grants neither read nor write, but it allows you to get a descriptor, and a descriptor + "x"-permission-for-you on the file is all you need to fexecve() (just as if you were using regular execve()).

> but it is unclear to me later:
>
> 'However, if the file to be executed denies read and write permission
> for the process preparing to do the exec, the only way to provide the fd
> to fexecve() will be to use the O_EXEC flag when opening fd. In this
> case, the application will not be able to perform a checksum test since
> it will not be able to read the contents of the file.'

"the application" ... of course nothing precludes the kernel (or its delegate) from performing a code signing check in this case.

-- thorpej
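
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of any NetBSD code: a descriptor opened execute-only refuses read() (so the application cannot checksum the file) yet is still accepted by fexecve(). The helper names, the use of /bin/sh as the target, and the fallback to O_PATH on systems that lack O_EXEC are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* exposes O_PATH on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: where O_EXEC is missing, O_PATH is the closest stand-in. */
#if defined(O_EXEC)
#define EXEC_ONLY O_EXEC
#elif defined(O_PATH)
#define EXEC_ONLY O_PATH
#elif defined(__O_PATH)
#define EXEC_ONLY __O_PATH
#else
#error "no execute-only open flag on this platform"
#endif

/* Open path with neither read nor write access; returns fd or -1. */
int open_exec_only(const char *path) {
    return open(path, EXEC_ONLY | O_CLOEXEC);
}

/* Returns 1 if read() is refused, i.e. the caller cannot checksum the file. */
int read_is_refused(int fd) {
    char byte;
    return read(fd, &byte, 1) == -1 && errno == EBADF;
}

/* fexecve() the descriptor in a child; returns its exit status, or -1. */
int run_via_fexecve(int fd, char *const argv[]) {
    char *const envp[] = { NULL };
    int status;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        fexecve(fd, argv, envp);    /* execute permission is checked here */
        _exit(127);                 /* reached only if fexecve() failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    int fd = open_exec_only("/bin/sh");   /* constructed sample target */
    if (fd == -1) { perror("open"); return 1; }
    printf("read refused: %d\n", read_is_refused(fd));
    printf("child exit status: %d\n", run_via_fexecve(fd, argv));
    return 0;
}
```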
