In article <[email protected]>, Christoph Badura <[email protected]> wrote: >On Tue, Sep 10, 2019 at 09:45:50PM +0200, Christoph Badura wrote: >> This is to catch the following case(s): The file might have the >> following permissions "--x--x--x" (or equivalent where the open()ing >> process doesn't have read or write permission). Since you can open such > ^can't open such >> a file for reading or writing (except as root) you need an additional >> flag to open() to obtain a file descriptor that can be passed to >> fexecve(). That's what O_EXEC is for. Whether the receiving process >> can successfully fexecve(2) such a file descriptor is another matter. >> That's what the "execute permission is checked by fexecve()" specifies.
The implementation I posted requires O_EXEC because this is the only way to set FEXEC which is part of the check_exec() tests. Of course we can elide this test and not require it in the fd case. It just seems nicely symmetric to me the way it is now. christos
