aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/kern_exec.c
diff options
context:
space:
mode:
authorKonstantin Belousov <kib@FreeBSD.org>2021-11-03 12:51:06 +0000
committerKonstantin Belousov <kib@FreeBSD.org>2021-11-03 16:00:42 +0000
commitbe10c0a910155709dc4e521db3349d50e0440018 (patch)
tree018442960c4e41f52fc25efd9ae00d7cd6c7b82c /sys/kern/kern_exec.c
parent02de91d740235f186321d7d3e11d09737daba43e (diff)
downloadsrc-be10c0a910155709dc4e521db3349d50e0440018.tar.gz
src-be10c0a910155709dc4e521db3349d50e0440018.zip
Diffstat (limited to 'sys/kern/kern_exec.c')
-rw-r--r--sys/kern/kern_exec.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index c5b450b04240..575771346fd1 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -530,13 +530,20 @@ interpret:
}
} else {
AUDIT_ARG_FD(args->fd);
+
/*
- * Descriptors opened only with O_EXEC or O_RDONLY are allowed.
+ * If the descriptors was not opened with O_PATH, then
+ * we require that it was opened with O_EXEC or
+ * O_RDONLY. In either case, exec_check_permissions()
+ * below checks _current_ file access mode regardless
+ * of the permissions additionally checked at the
+ * open(2).
*/
error = fgetvp_exec(td, args->fd, &cap_fexecve_rights,
&newtextvp);
- if (error)
+ if (error != 0)
goto exec_fail;
+
if (vn_fullpath(newtextvp, &imgp->execpath,
&imgp->freepath) != 0)
imgp->execpath = args->fname;
@@ -881,7 +888,7 @@ interpret:
/*
* Store the vp for use in kern.proc.pathname. This vnode was
- * referenced by namei() or fgetvp_exec().
+ * referenced by namei() or by fexecve variant of fname handling.
*/
oldtextvp = p->p_textvp;
p->p_textvp = newtextvp;