Re: fexecve, round 2

[David Laight <david%l8s.co.uk@localhost>]

On Mon, Nov 19, 2012 at 11:25:07AM -0500, Thor Lancelot Simon wrote:
> On Mon, Nov 19, 2012 at 03:13:02PM +0000, Emmanuel Dreyfus wrote:
> > On Mon, Nov 19, 2012 at 02:39:36PM +0000, Julian Yon wrote:
> > > No, Emmanuel is right: "[...] use the O_EXEC flag when opening fd. In
> > > this case, the application will not be able to perform a checksum test
> > > since it will not be able to read the contents of the file." You can
> > > open with --x but (correctly) you can't read from the file.

Given the comments later about O_SEARCH | O_RDONLY not being distinguishable
from O_SEARCH (because, historically, O_RDONLY is zero) and 'similarly
for O_EXEC' I suspect the wording of the sections got reworded quite
late on - and probably after the bar had opened and everyone at the
meeting was hungry!

I suspect that, for --x------ items opens with O_EXEC or O_SEARCH
might need to succeed, and any later read/mmap requests fail.

> > And it means the standard mandates that one can execute without
> > read access. Weird.
> 
> What's weird about that?
> 
> % cp /bin/ls /tmp
> % chmod 100 /tmp/ls
> % ls -l /tmp/ls
> ---x------  1 tls  users  24521 Nov 19 11:24 /tmp/ls
> % /tmp/ls -l /tmp/ls
> ---x------  1 tls  users  24521 Nov 19 11:24 /tmp/ls
> %

More fun are #! scripts that are --s------
Typically they can be executed by everyone except the owner!
(Provided suid scripts are allowed - and I don't know any reason
why they shouldn't be provided the kernel passes the open fd to
the interpreter.)

        David

-- 
David Laight: david%l8s.co.uk@localhost